Location: Remote (Global)
Travel Not Required
Full Time / Part Time
The successful candidate will be working shifts in a 24×7 environment.
About the Role:
The Incident Response Engineer (IRE) is a key technical role within the Security Services team. As an IRE, you will use your security expertise to identify, detect, and promptly notify clients of ongoing security events within their environment. This position requires an understanding of various threats and attack methodologies, as well as demonstrated experience in technical security positions. In support of Cumulus’s global client base, the successful candidate will work remotely from any location of their preference, either full time or part time, in a shift-based 24×7 environment. Therefore, the candidate must be able to demonstrate the organizational skills and aptitude to work independently and effectively with minimal oversight.
Responsibilities:
- Efficiently and accurately analyze incoming security events from various data sources including network, endpoint, and logs
- Prioritize incoming events effectively and accurately
- Commitment to seeing security incidents through to completion, including detection, collaboration with team members, and clear communication with internal and external stakeholders
- Participate in complex investigations within your area of expertise and collaborate with other experts from different disciplines as necessary
- Prioritize tasks based on both explicit and implied priorities
- Perform thorough quality reviews on tickets, security engagements, and system-level processes to identify areas of improvement
- Apply your security expertise on the development platform to improve signal accuracy (true positives) while reducing noise (false positives)
- Continuously expand your security knowledge and expertise within a specific competency
Required Skills and Experience:
- Possess at least 3 years of industry experience in roles related to Information Security, Network Security, or Cyber Security.
- Preferably, have an additional 1 year of experience in Network Admin, System Admin, Cloud Admin, or similar positions.
- Demonstrate technical proficiency in at least two (2) of the following areas:
— Networking – common protocols, server/client infrastructure, routers, switches, WAPs, etc.
— Perimeter – firewalls, IDS, IPS, UTM, WAF, gateways, proxies, mail servers, etc.
— Authentication – AD, SSO, MFA, etc
— IaaS – cloud services, AWS, Azure, GCP
— End Point – MDM, EDR, EPP, AV
— SaaS – collaboration tools including O365, GSuite, Box, Salesforce, Workday, etc.
- Prior experience in a Security Operations Center, on a security incident response team, or in roles involving security forensics or malware analysis.
- Ability to conduct analysis of log and system data from the aforementioned technologies and other IT systems.
- Display proficiency in one or more scripting tools and programming languages such as Python, Bash, and PowerShell.
- Possess excellent written and verbal communication skills.
- Maintain a positive and proactive attitude.
- Exhibit a commitment to learning and continuous self-improvement.
- While specific degrees or certifications are not required, engineering or technology degrees are desirable. Any security or IT certifications like CISSP are also advantageous.