Cybersecurity Engineer / Incident Commander

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from TekStream Solutions

Location: Eastern or central United States, Remote. Must accommodate meetings in the eastern time zone.

This role is ideal for a highly skilled cybersecurity professional with deep expertise in incident response (IR), threat hunting, and Splunk SPL (Search Processing Language). You will play a pivotal role in detecting, analyzing, and responding to sophisticated cyber threats, leveraging Splunk search, Splunk SOAR, and advanced threat intelligence, as well as refining Splunk searches for automated deployment across multiple customers.

Key Responsibilities

1. Incident Response & Forensics: Lead Level 3 investigations of security incidents, conduct deep-dive forensic analysis, and develop remediation strategies.
2. Threat Hunting: Proactively hunt for cyber threats within enterprise environments using advanced analytics and threat intelligence.
3. Splunk Expertise: Develop and optimize SPL queries, build correlation searches, and fine-tune detections to enhance SIEM capabilities.
4. Threat Intelligence Integration: Utilize threat intelligence to enrich detection capabilities and improve response workflows.
5. Automation & SOAR: Leverage Splunk SOAR and other automation tools to streamline incident response processes.
6. Security Best Practices: Develop playbooks, runbooks, and provide guidance to junior analysts to improve overall security posture.
7. Red Team Collaboration: Work closely with penetration testers and red teams to enhance detection capabilities and improve security defenses.

Qualifications & Skills

1. 5+ years of experience in cybersecurity with a focus on incident response, threat hunting, and SOC operations.
2. Deep understanding of cyber kill chain, MITRE ATT&CK framework, and adversary TTPs.
3. Strong expertise in Splunk SPL, including writing advanced queries, dashboards, correlation rules, and detections.
4. Hands-on experience with Splunk SOAR for security automation and orchestration.
5. Experience with malware analysis, digital forensics, memory analysis, and network traffic analysis.
6. Knowledge of cloud security (AWS, Azure, or GCP) and detection strategies for cloud-based threats.
7. Familiarity with endpoint detection and response (EDR) tools such as CrowdStrike, SentinelOne, Microsoft Defender, etc.
8. Scripting and automation skills in Python, PowerShell, or Bash are a plus.
9. Relevant certifications such as GIAC GCFA, GCFE, GCIH, OSCP, Splunk Certified Admin/Architect are highly desirable.

Daily Duties

1. 50% (approximately 20 hours/week) managing the library of searches
2. 25% (approximately 10 hours/week) performing incident commander duties (based on when incidents occur)
3. 25% (approximately 10 hours/week) doing proactive threat hunting

• Mid-Senior level

• Full-time

• Information Technology and Consulting

• IT Services and IT Consulting

Referrals increase your chances of interviewing at TekStream Solutions by 2x

• Medical insurance
• Vision insurance
• 401(k)
• Paid maternity leave
• Paid paternity leave
• Tuition assistance

Get notified about new Cyber Security Engineer jobs in United States.