Expert Incident Response / Threat / Purple Teaming Engineer

NO SPONSORSHIP - NO OPT Expert Incident Response / Cyber Risk Management Engineer SALARY: $200k - $230k-$250k plus 20% bonus LOCATION: Remote except: Alaska, ND, Nebraska, HI, OK, VT, Maine, WV, NH, WY, Puerto Rico, DC Keys to this role: Incident, threat, purple teaming, Python for automation, incident command, SOAR, any Splunk is a plus but will look at similar products They have to be curious of AI, so the more the better Looking for an expert Incident response engineer to handle complex incidents. Intelligence driven detection pipeline. Purple team, incident, on call rotation. You will analyze security alerts working with SIEM, EDR, IDS/IPS logs. Windows linux macOS networking cloud aws azure gcp. crowdstrike, sentinelone, splunk etc. You will lead the exploration and responsible for adoption to AI. Incident Command and Response – Tier 3 Escalation

• Act as the Incident Commander for critical security events as part of our on-call rotation.
• Foster a culture of learning through blameless post-mortems to drive measurable improvements in both processes and tooling.
• Analyze security alerts and data from various sources (SIEM, EDR, IDS/IPS, logs) to identify and investigate sophisticated threats.
• Lead tabletop exercises and IR simulations to a variety of audiences in order to test and refine incident response plans, identify weaknesses, and enhance communication and collaboration.

Threat Hunting and Intelligence

• Proactively identify potential threats and weaknesses across systems and networks through hypothesis driven threat hunting.
• Identify gaps in detection coverage and proactively develop new telemetry, detections, and analytic approaches to address emerging threats across endpoint, identity, cloud, and network domains.
• Fuse internal telemetry with open source, commercial, and internal intelligence sources to prioritize risks and improve detection strategies.
• Track adversary TTPs and feed findings back into our hunting and detection pipelines.

Qualifications:

• 7+ years of relevant professional experience with a Bachelor’s degree
• 7+ years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments.
• Deep understanding of operating systems (Windows, Linux, macOS), network protocols, cloud environments (AWS, GCP, Azure), and common attack techniques (MITRE ATT&CK).
• Proficiency with investigation and forensic tools such as EDR platforms (CrowdStrike, SentinelOne), log aggregators (Splunk, ELK), and packet capture tools (Wireshark, Zeek).
• Demonstrated ability to lead high-pressure incident response scenarios across technical and non-technical teams.
• Scripting skills in Python, PowerShell, or Bash for automation and analysis or experience with SOAR platforms is highly preferred.