Investigate and respond to cybersecurity incidents, including phishing, malware, ransomware, and unauthorized access attempts.
Perform analysis of logs, alerts, and forensic data to determine the scope and impact of incidents.
Escalate complex or high-severity incidents to Engineer III, Lead, or Principal staff, providing clear documentation and evidence.
Assist in containment, eradication, and recovery activities during incident response.
Contribute to the development and maintenance of SOC playbooks, runbooks, and standard operating procedures.
Collaborate with threat intelligence, vulnerability management, and forensics teams to strengthen detection and response strategies.
Participate in lessons-learned sessions and recommend improvements to SOC processes and tooling.
Support junior analysts (Engineer I) by sharing knowledge and providing guidance on investigative techniques.

Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent work experience
3–5 years of progressive experience in cybersecurity, with at least 2 years in SOC operations or incident response
Strong knowledge of cybersecurity fundamentals, incident response methodology, and adversary tactics
Familiarity with industry frameworks such as NIST, MITRE ATT&CK, and ISO 27035
Preferred Certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), CompTIA Security+, CySA+, Certified Ethical Hacker (CEH)
Hands-on experience with SIEM, EDR, and forensic tools (e.g., Splunk, CrowdStrike, Wireshark)
Strong written and verbal communication skills for documenting findings and briefing stakeholders.

Engineer II – Cyber Incident Response

Key skills