Job Title: Incident Response Engineer (Specializing in Incident Response Tools Management)
Department: Montefiore IT Information Security
Reports To: Director of Cybersecurity Operations
Job Summary:
The Incident Response Engineer, with a specialization in Incident Response Tools Management, is a key leader within the cybersecurity team responsible for the deployment, configuration, and optimization of tools used to detect, investigate, and respond to security incidents. This role involves ensuring that the incident response tools are properly integrated, maintained, and leveraged to enhance the organization’s ability to respond to threats effectively. The Incident Response Engineer collaborates with various teams to optimize the use of these tools, provide guidance on tool capabilities, and ensure the organization's incident response capabilities are cutting-edge.
Key Responsibilities:
Oversee the selection, implementation, and management of incident response tools such as Security Information and Event Management (SIEM) systems, Endpoint Detection and Response (EDR) solutions, Intrusion Detection Systems (IDS), and forensic tools. Ensure tools are configured to capture the necessary data for effective incident detection and response. Regularly review and update tool configurations to align with emerging threats and organizational needs. Lead the integration of incident response tools with other security systems and platforms within the organization. Optimize the performance of these tools to enhance the detection and response to security incidents. Develop and implement best practices for the use of incident response tools across the cybersecurity team. Utilize incident response tools to detect, investigate, and respond to security incidents. Conduct in-depth analysis using SIEM, EDR, and other tools to identify the root cause of incidents and determine the appropriate remediation actions. Lead efforts to automate incident response processes using scripting and tool capabilities. Ensure that all incident response tools are up-to-date with the latest patches, updates, and configurations. Manage tool licenses, renewals, and vendor relationships. Plan and execute upgrades or migrations to new tools as needed. Work closely with security operations, vulnerability management, and IT teams to ensure the effective use of incident response tools. Provide training and guidance to junior team members and other stakeholders on the use of these tools. Stay informed on the latest developments in incident response technology and share insights with the broader cybersecurity team. Continuously improve incident response processes by leveraging tool capabilities and identifying opportunities for automation. Participate in post-incident reviews to evaluate the effectiveness of tools and make recommendations for improvements. Develop and maintain documentation related to the configuration and use of incident response tools. Ensure that the use of incident response tools complies with legal, regulatory, and organizational policies. Generate reports on tool performance, incident response metrics, and tool effectiveness. Assist in audits and assessments related to incident response tool management. Required Skills and Knowledge: Extensive experience with incident response tools such as SIEM (e.g., Splunk, QRadar, Microsoft Sentinel), EDR (e.g., CrowdStrike, Carbon Black), IDS/IPS (e.g., Snort, Suricata), and forensic tools (e.g., EnCase, FTK). Strong understanding of cybersecurity concepts, including network security, endpoint security, and threat detection. Proficiency in scripting languages (e.g., Python, PowerShell) for tool automation and integration. Demonstrated experience in deploying, configuring, and managing incident response tools in a large, complex environment. Ability to optimize tools for performance, including tuning alerts, refining rules, and integrating with other security systems. Knowledge of best practices for incident response tool management and the ability to implement these practices across the organization. Strong analytical skills to interpret data from various tools and identify patterns indicative of security incidents. Ability to troubleshoot issues with tools and resolve them in a timely manner. Experience in conducting root cause analysis and forensic investigations using incident response tools. Excellent written and verbal communication skills, with the ability to explain complex technical concepts to non-technical stakeholders. Strong collaboration skills to work effectively with cross-functional teams, including IT, legal, and compliance. Ability to develop and deliver training on the use of incident response tools to team members and other stakeholders. Proven ability to lead initiatives related to tool management and optimization within the incident response team. Experience mentoring and guiding junior engineers in the use of incident response tools and best practices.
Required Experience:
Experience: 5-7 years of experience in cybersecurity, with a focus on incident response and incident response tool management.
Experience in Tool Management: Hands-on experience in managing, configuring, and optimizing incident response tools in a large-scale environment.
Experience in Incident Response: Extensive experience in responding to and managing complex security incidents using a variety of tools.
Education:
Bachelor’s degree or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field.
Preferred: Master’s Degree in Cybersecurity or related discipline.
Certifications (Preferred but not required):
Certified Incident Handler (GCIH)
Certified Computer Security Incident Handler (CSIH)
Certified Forensic Computer Analyst (CFCA)
GIAC Reverse Engineering Malware (GREM)
EC-Council Certified Incident Handler (ECIH)
EC-Council Certified Network Defender (CND)
SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
GIAC Certified Forensic Analyst (GCFA)
Certified Information Systems Auditor (CISA)
Personal Attributes:
Attention to Detail: Strong focus on accuracy and precision in managing and configuring security tools.
Proactive Mindset: Ability to anticipate potential threats and take preemptive action through effective tool management.
Resilience: Ability to work under pressure and manage multiple tasks simultaneously.
Ethical Integrity: Commitment to ethical behavior and adherence to the organization’s security policies and values.
Department: Montefiore Information Technology Bargaining Unit: Non Union Campus: YONKERS Employment Status: Regular Full-Time Address: 3 Odell Plaza, Yonkers
Shift: Day Scheduled Hours: 8:30 AM-5 PM Req ID: 222410 Salary Range/Pay Rate: $127,500.00 - $170,000.00
For positions that have only a rate listed, the displayed rate is the hiring rate but could be subject to change based on shift differential, experience, education or other relevant factors.
To learn more about the “Montefiore Difference” – who we are at Montefiore and all that we have to offer our associates, please click here.
Diversity, equity and inclusion are core values of Montefiore. We are committed to recruiting and creating an environment in which associates feel empowered to thrive and be their authentic selves through our inclusive culture. We welcome your interest and invite you to join us.
Montefiore is an equal employment opportunity employer. Montefiore will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law.
SF-DICE-MIT; LI-SC1-REDIRECT