7 days ago
Senior Incident Response Engineer
Job description
TL;DR
Senior Incident Response Engineer: Lead the investigative execution of active cyber incidents for MDR customers and MSPs, with an emphasis on incident investigation, containment, and remediation using technologies. Focus on advanced analysis of initial access, persistence, and lateral movement, plus continuous improvement of detection logic and high-quality incident reporting.
Company
provides an AI-driven cybersecurity platform and expert-led managed detection and response services.
What you will do
- Investigate, contain, and respond to cyber incidents using technologies
- Perform advanced incident response analysis to identify initial access, persistence, and lateral movement
- Support MDR customers and MSPs via calls and meetings, providing priority containment and remediation recommendations
- Analyze incidents for malware, ransomware, and other common attack types
- Maintain detailed documentation and produce accurate technical incident reports for customers
- Collaborate with internal Labs, Detection Engineering, and Threat Hunting to improve detection logic
Requirements
- Location: must be based in Romania
- 4+ years of methodical cyber security investigations or 2+ years of incident response engagement experience
- Understanding of network architecture and IT infrastructure
- Experience creating technical documentation and customer-facing technical reports
- Network and endpoint investigation experience (macOS, Linux, Windows), including IDS/IPS/EDR and basic malware analysis
- Knowledge of at least one of: OSQuery, SQL, or KQL; experience applying MITRE ATT&CK and/or Cyber Kill Chain frameworks
Culture & Benefits
- Remote-first working model with remote as the primary option
- Ability to work some weekends and holidays as part of incident response coverage
- Mentoring and technical guidance responsibilities for incident response analysts
- Collaboration across internal security teams to continuously improve incident response capability