Risk & Compliance Incident Response Engineer

Risk & Compliance Incident Response EngineerThe firm is actively seeking a Risk & Compliance Incident Response Engineer to join the IT department. This role will lead the incident response process and be part of an operational after-hours supporting team. This position will support projects and tasks under the general direction of the Director of Information Security Governance, Risk & Compliance. This position will also work closely with the Operations, Applications, Security and ServiceDesk teams, as well as many other internal or external engineers as needed or required.This is an outage incident response role not a security incident response role.This position is available as a fully virtual work schedule. ResponsibilitiesMonitor, investigate, report, and respond to incidents (security or operational outages)Categorize, prioritize, and normalize an event to determine if it meets the threshold of a potential incident and declare an incidentCoordinate response, triage and escalation of incidents affecting the information assets, IT operations and IT processesAssist in after-action activities resulting from any findings associated with an incidentAssist and maintain standard operating procedures (SOPs) and runbooks to meet the needs of IR requirementsAssist in building methodologies to enhance incident investigation processesIdentifying hidden risks within technical controls, IT operations and processesDevelop a comprehensive and accurate reports for all incidentsReview DLP violation reports received from NetDocuments, or O365, and prepare violations reportsAssist with NIST – CSF audit and provide recommendation for the remediation activitiesAssist in maintaining compliance with all IT policies and proceduresInteract with threat management systems/tools to find critical/high risk systems and create threat analysis reports and initiate follow-up action, and help reducing the risk QualificationsBachelors or higher degree in Computer Science, Cybersecurity, Information Technology, or related field of study desiredServiceNow experience and certifications desired3+ year’s relevant experience in risk and compliance and cybersecurityOne or more security certifications such as GCIH, CISSP, Security +, or other relevant security certification(s) requiredKnowledge of the NIST Cybersecurity Framework (CSF), NIST 800-53 and 800 – 61Knowledge of cloud environment such as MS O365 or AWS is preferredPossess strong analytical, problem-solving, multitasking and time management skillsExcellent technical writing and verbal communication skillsMust be able to work under pressure and meet deadlines, while maintaining a positive attitude and providing exemplary customer serviceAbility to work independently and to carry out assignments to completion within parameters of instructions given, prescribed routines, and standard accepted practices The primary location for this job posting is in Washington, D.C.. The actual base pay offered will depend upon a variety of factors, including but not limited to the selected candidate’s qualifications, years of relevant experience, level of education, professional certifications and licenses, and work location. The anticipated pay range for this position is as follows: $105,400 – $142,600 per year.The compensation for this position may include a discretionary year-end merit bonus based on performance. We offer a highly competitive salary and benefits package.Benefits information can be found here. Equal Opportunity Employer (EOE). Job DetailsSeniority level: Not ApplicableEmployment type: Full-timeJob function: Legal and Information TechnologyIndustries: IT Services and IT Consulting; Law Practice; Computer and Network Security Note: This refined description excludes boilerplate, extraneous postings, and non-essential sections while preserving the core responsibilities and qualifications of the role. #J-18808-Ljbffr

Created: 2025-09-17