Cybersecurity Engineer / Incident Commander

TekStream Solutions

United States

Remote

USD 85,000 - 110,000

Full time

Yesterday
Job summary

A leading company is seeking a Cybersecurity Engineer / Incident Commander to enhance their security posture. The ideal candidate will have extensive experience in incident response and threat hunting, utilizing Splunk for advanced threat detection. You'll collaborate with teams to improve security practices and automate incident response processes. This remote role requires strong analytical skills and a proactive approach to cybersecurity challenges.

Benefits

Medical Insurance
Vision Insurance
401(k)
Paid Maternity Leave
Paid Paternity Leave
Tuition Assistance

Qualifications

  • 5+ years of experience in cybersecurity focused on incident response and threat hunting.
  • Strong expertise in Splunk SPL and automation tools.

Responsibilities

  • Lead Level 3 investigations and develop remediation strategies.
  • Proactively hunt for cyber threats using advanced analytics.

Skills

Incident Response
Threat Hunting
Splunk SPL
Cyber Kill Chain
Automation
Cloud Security
Scripting

Education

Relevant Certifications

Tools

Splunk SOAR
EDR Tools

Job description

Cybersecurity Engineer / Incident Commander

Location: Eastern or central United States, Remote. Must accommodate meetings in the eastern time zone.

This role is ideal for a highly skilled cybersecurity professional with deep expertise in incident response (IR), threat hunting, and Splunk SPL (Search Processing Language). You will play a pivotal role in detecting, analyzing, and responding to sophisticated cyber threats, leveraging Splunk search, Splunk SOAR, and advanced threat intelligence, as well as refining Splunk searches for automated deployment across multiple customers.

Key Responsibilities

  • Incident Response & Forensics: Lead Level 3 investigations of security incidents, conduct deep-dive forensic analysis, and develop remediation strategies.
  • Threat Hunting: Proactively hunt for cyber threats within enterprise environments using advanced analytics and threat intelligence.
  • Splunk Expertise: Develop and optimize SPL queries, build correlation searches, and fine-tune detections to enhance SIEM capabilities.
  • Threat Intelligence Integration: Utilize threat intelligence to enrich detection capabilities and improve response workflows.
  • Automation & SOAR: Leverage Splunk SOAR and other automation tools to streamline incident response processes.
  • Security Best Practices: Develop playbooks, runbooks, and provide guidance to junior analysts to improve overall security posture.
  • Red Team Collaboration: Work closely with penetration testers and red teams to enhance detection capabilities and security defenses.

Qualifications & Skills

  • 5+ years of experience in cybersecurity with a focus on incident response, threat hunting, and SOC operations.
  • Deep understanding of the cyber kill chain, MITRE ATT&CK framework, and adversary TTPs.
  • Strong expertise in Splunk SPL, including writing advanced queries, dashboards, correlation rules, and detections.
  • Hands-on experience with Splunk SOAR for security automation and orchestration.
  • Experience with malware analysis, digital forensics, memory analysis, and network traffic analysis.
  • Knowledge of cloud security (AWS, Azure, or GCP) and detection strategies for cloud-based threats.
  • Familiarity with endpoint detection and response (EDR) tools such as CrowdStrike, SentinelOne, Microsoft Defender, etc.
  • Scripting and automation skills in Python, PowerShell, or Bash are a plus.
  • Relevant certifications such as GIAC GCFA, GCFE, GCIH, OSCP, Splunk Certified Admin/Architect are highly desirable.

Daily Duties

  • Approximately 50% (about 20 hours/week) managing the library of searches.
  • Approximately 25% (about 10 hours/week) performing incident commander duties (based on incident occurrence).
  • Approximately 25% (about 10 hours/week) engaging in proactive threat hunting.

Seniority level

Not Applicable

Employment type

Full-time

Job function

Information Technology and Consulting

Industries

IT Services and IT Consulting
