Sr. Information Security Engineer - Incident Response

Purpose

This role is responsible for establishing and maintaining the enterprise-wide IT security infrastructure to ensure the security, integrity, and availability of the company’s information assets. This includes the rigorous application of information security and information assurance policies, principles, and practices, with a strong emphasis on Incident Response readiness and operational execution. The position will lead efforts to detect, analyze, contain, eradicate, and recover from security incidents while continuously improving response processes, tooling, playbooks, and defensive capabilities.

Responsibilities

• Provide efficient and effective Infrastructure Security Operations Support of all supported infrastructure security components
• Investigate and analyze common security incidents, including malware infections, phishing attempts, unauthorized access, and suspicious network activity.
• Develop, maintain, and optimize Incident Response playbooks and SOPs to ensure consistent, efficient detection, containment, eradication, and recovery processes.
• Collaborate closely with the MSSP to refine detection use cases, validate alerts, coordinate response actions, and improve overall SOC effectiveness.
• Drive containment and remediation efforts during active security events, working with cross‑functional teams to minimize impact and ensure rapid recovery.
• Support and enhance email security controls, including phishing analysis, message tracing, and mail flow/security policy tuning.
• Participate in an on‑call rotation to provide timely response during off‑hours incidents.
• Conduct root‑cause analysis and produce post‑incident reports, identifying gaps and recommending improvements to tooling, processes, and security posture.
• Assist in threat hunting activities to proactively identify emerging threats or abnormal behaviors in the environment.
• Contribute to continuous improvement of logging, monitoring, and alerting across security platforms.
• Provide timely and effective maintenance and repair support on all supported infrastructure security components