Job Description

Job Title: Cyber Defense Incident Responder, Senior (L3)

Location: Greensboro, NC, 27409

Duration: 05+ Months

As a Senior Cyber Defense Incident Responder within the Global Cybersecurity Operations Center (CSOC) you will play a crucial role as a key technical expert responsible for managing and responding to advanced cyber threats, conducting in depth investigations, and supporting the overall security posture of The Client Group. This role combines hands-on technical expertise with mentoring responsibilities, ensuring effective threat detection, incident response, and continuous improvement of SOC capabilities.

What you will do:

• Analyze and respond to complex security incidents and alerts generated by SOC tools (e.g., SIEM, EDR, IDS/IPS)
• Investigate and resolve escalated incidents from Level 1 and Level 2 analysts, ensuring swift containment and remediation
• Lead investigations into cybersecurity incidents, including malware infections, data breaches, and insider threats
• Perform digital forensics to collect, analyze, and preserve evidence for legal or compliance requirements
• Provide incident reports with detailed root cause analyses and actionable recommendations
• Use threat intelligence to identify patterns and indicators of compromise (IOCs) relevant to the organization
• Work closely with junior analysts to provide guidance, training, and mentorship, fostering a culture of growth and knowledge sharing
• Collaborate with IT, cybersecurity, and business stakeholder teams to implement and improve security controls
• Support the continuous improvement of SOC processes, tools, and technologies to enhance efficiency and effectiveness.
• Identify gaps in detection and response capabilities and recommend improvements to SOC leadership.

• Bachelor’s degree in Computer Science or a related 4year technical degree
• Minimum 7 years of experience in supporting cyber defense operations in highly complex enterprise networks. Experience in SOC, SIRT, or CSIRT capacities
• One or more of the following certifications: GIAC Certified Intrusion Analyst, GCIH Certified Incident Handler, GCIA Certified Intrusion Analyst, CISSP
• Experience in enterprise cybersecurity environment investigating targeted intrusions through complex network segments
• Expert understanding of Advanced Persistent Threat (APT), Cybercrime, and Hacktivist tactics, techniques, and procedures (TTPs)
• Subject Matter Expert in cybersecurity principles, threat lifecycle management, incident management
• Comprehensive knowledge of various operating systems (Windows, OS X, Linux), network protocols, and application layer protocols
• Demonstrable experience in scripting languages (may include Powershell, Python, PERL, etc.)
• Understanding of the Cyber Kill Chain methodology, the NIST framework, the MITRE ATT&CK framework, and SANS Critical Security controls
• Working knowledge in modern cryptographic algorithms and systems
• Experience working with and tuning signatures, rules, signatures, and security technologies (IDS/IPS, SIEM, Sandboxing tools, EDR, email security platforms, user behavior analytics
• Network design knowledge including security architecture
• Strong analytical and technical skills in network defense operations including experience with incident handling (detection, analysis, triage)
• Conceptual understanding of cyber threat hunting
• Prior experience and ability analyzing cybersecurity events to determine true positives and false positives. Including cybersecurity alert triage, incident investigation, implementing countermeasures, and managing incident response
• Previous experience with SIEM platforms and log aggregation systems that perform collection, analysis, correlation, and alerting
• Ability to develop rules, filters, views, signatures, countermeasures, and other cyber defense platforms as well as the ability to support analysis and detection continual improvement
• Knowledge of new and emerging cybersecurity technologies
• Ability to create technical documents as well as stakeholder sitreps and briefing documents

Preferred Qualifications:

• Deep Cybersecurity Operations Center experience in the following: intelligence driven detection, security principles, threat lifecycle management, incident management, digital forensics and investigations, network monitoring, endpoint monitoring, OT security principles
• CSOC Process Management experience, to include process and procedure management, CSOC initiative management, continual operational improvement
• Preferred certifications: CISSP, GCIH, GCIA, Linux+, CCNA, CCNP
• Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to both business leaders/key stakeholders as well as technical teams and SMEs
• Demonstrated knowledge in cyber defense policies, procedures, and regulations
• Knowledge of cyber vulnerability management processes
• Knowledge of common user and system authentication and authorization mechanisms

Job Tags

Similar Jobs