Salary Not Disclosed
1 Vacancy
What We Do
We calm the confusion of IT by guiding the connection between people and technology. If a customer is looking for a better way to manage their warehouse inventory, equip their workforce, or secure their data, we make it happen. All it takes is finding the right combination of tech: hardware, software, cloud solutions, and support services. That's what we do. We're the IT Department's IT Department.
Who We Are
Our team is made stronger by a multitude of backgrounds, experiences, and perspectives. It's what makes Connection unique, what drives us to innovate and create technology solutions that stand apart from the crowd. We'd love for you to be a part of that fabric, to share your ideas and experiences with a team that thrives on fresh thinking, creativity, and helping others.
Why You Should Join Us
You'll find supportive teammates and a rewarding career at Connection, plus great benefits. We take pride in supporting employees with a total rewards package that provides financial, emotional, and physical resources for you and your family. Our compensation, 401k plans, medical insurance, and other benefits are progressive and competitive. We value the importance of our employees' emotional wellbeing. To support employees, we provide free therapy visits, mental health coaching and tools, and meditation resources. You'll also enjoy a generous paid time off package that includes not only vacation and sick time but also Wellness and Volunteer Time Off days.
The Lead Security Incident Response Engineer is responsible for incident response and management, monitoring and alert handling, security operations management, threat intelligence and mitigation, policy and compliance management, as well as training and mentoring junior engineers.
Incident Response Management and Coordination:
Leads investigations of security breaches, attacks, or incidents.
Coordinates with internal and external teams to mitigate ongoing attacks.
Oversees post-incident review sessions with clients and recommends corrective actions.
Develops and executes incident response plans, ensuring appropriate stakeholders are informed and involved.
Maintains communication with defined key stakeholders during an active incident.
Monitoring and Alert Handling:
Works with SOC teams to develop and fine-tune Security Information and Event Management (SIEM) systems for monitoring client networks.
Analyzes alerts from firewalls, intrusion detection systems (IDS), and other tools as needed.
Prioritizes alerts and determines severity, providing actionable recommendations to security teams.
Stays updated on emerging threats, vulnerabilities, and attack techniques in order to integrate them into the team's detection and response strategies.
Security Operations Management:
Assigns tasks, prioritizes incidents, and leads the team's response during threat analysis and incident handling.
Ensures compliance with operational procedures and service level agreements (SLAs).
Collaborates with the SOC (Security Operations Center) to address potential risks and vulnerabilities.
Provides guidance and technical direction during active security incidents.
Conducts post-incident team meetings to review lessons learned and increase the team's effectiveness.
Threat Intelligence and Mitigation:
Stays updated on emerging threats, vulnerabilities, and attack vectors.
Works with SOC teams to ensure accurate detection and response strategies are in place.
Conducts vulnerability assessments and recommends patches or mitigation strategies.
Coordinates penetration tests and red team exercises to assess security posture.
Policy and Compliance Management:
Ensures compliance with relevant standards (e.g. ISO 27001, NIST, GDPR, SOC2, HIPAA).
Implements and enforces security policies, procedures, and governance frameworks.
Collaborates with audit and compliance teams to prepare reports.
Training and Development:
Mentors junior engineers and analysts and provides guidance on security best practices.
Conducts security awareness training for technical and nontechnical staff.
Facilitates tabletop exercises and incident response drills for the organization.
Collaboration Across Teams:
Works closely with IT, DevOps, network, and business teams to align security efforts.
Coordinates with third-party vendors and/or regulatory bodies as needed.
Acts as a point of contact for escalations regarding
Proficiency in security tools such as SIEMs, firewalls, IDS/IPS, endpoint detection and response (EDR), and vulnerability management tools.
Strong leadership and team management skills to coordinate efforts across internal and external security teams.
Ability to translate complex technical security findings into business-level reports and communicate with both technical and nontechnical stakeholders.
Analytical mindset for diagnosing issues and quickly addressing security incidents.
Familiarity with frameworks such as NIST, CIS Controls, ISO 27001, and regulatory requirements.
Experience working as a mentor of a team.
Full-Time