Cybersecurity Incident Response Engineer, Mid

Position Overview The Cybersecurity Incident Response Engineer, Mid supports the detection, containment, and recovery of cybersecurity incidents across enterprise networks and missionu2011critical systems in a highly regulated government environment. This role contributes to developing and executing response strategies, including automation, scripting, and playbooks, to enhance the speed and consistency of security operations. The engineer performs detailed technical analysis, coordinates with crossu2011functional teams to isolate affected systems, and helps implement proactive cybersecurity countermeasures. This includes contributing to advanced defensive initiatives, improving detection logic, and strengthening SOC capabilities to protect the organization against evolving and increasingly complex adversary tactics. The position also supports forensic investigations, documentation, regulatory alignment, and continuous improvement of incident response processes. Key Responsibilities + Conduct technical analysis of security events and incidents using SIEM, IDS/IPS, EDR, and related tools to identify attack vectors, affected assets, and potential data exposure. + Develop and refine incident response runbooks and automation workflows that standardize triage, containment, and eradication steps for common attack scenarios. + Coordinate system and network isolation strategies with infrastructure and application teams to contain threats while preserving evidence and minimizing operational disruption. + Support proactive defensive engineering initiatives, including tuning detections, building automated countermeasures, and contributing to programs designed to defend against sophisticated adversaries. + Perform host and network forensics, including log review, basic memory and disk analysis, and artifact collection to support root cause analysis and potential legal or compliance needs. + Map observed adversary behavior to structured frameworks such as MITRE ATT&CK to understand attacker tactics, techniques, and procedures and to recommend targeted detection improvements. + Ensure incident handling practices are aligned with data security best practices and applicable government security policies, supporting auditability and regulatory compliance. + Produce clear incident documentation, timelines, and lessons learned that feed into security awareness, control hardening, and process improvements. Required Qualifications + Assumption: Typically 4u20137 years of handsu2011on experience in cybersecurity operations and incident response across enterprise environments. + Bacheloru2019s degree in IT, Cybersecurity, Computer Science, or a related field, or equivalent work experience. + Demonstrated experience with incident response tools and platforms such as SIEM, IDS/IPS, and EDR in enterprise environments. + Strong understanding of incident response principles, containment and eradication techniques, and data security best practices. + Proven analytical and problemu2011solving ability with strong written and verbal communication skills. Preferred Qualifications + Demonstrated leadership of ITILu2011based major incident processes in large enterprises, including executive and customeru2011facing communications. + Strong experience with enterprise incident management tools and service management platforms integrated with SOC and cyber defense functions. + Certifications such as ITIL Foundation plus advanced cybersecurity or incident response credentials evidencing both service management and deep technical capability. + At least one cybersecurityu2011related professional certification u2014 or the ability to obtain one within one year of hire u2014 such as Security+, CySA+, CEH, GSEC, GCIA, GCIH, or an equivalent industryu2011recognized credential. Compensation Ranges Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees. EEO Requirements It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies. All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment. Physical Requirements The physical requirements described in

Created: 2026-05-01