SOCIncident Report Engineer

Who We Are

At Benesch we pride ourselves on exceeding expectations and building trust not only with our clients but with our employees - Beneschs #1 asset. Committed to providing not only the highest level of legal service to our clients Benesch also aspires to create a positive work environment for our employees. Our Firm continues to earn placement on Chicago and Clevelands Top Workplaces list along with Clevelands NorthCoast 99 Top Workplaces rankings. We also continue to advance on the AmLaw 150 list placing us among the top 150 law firms in the country.

Benesch is proud to be recognized for being a Firm that attracts and retains top talent - making Benesch a great place to work. We offer a hybrid schedule career development and growth transparent and visible leadership teams and a place where diversity equity and inclusion is addition the Firm offers a full array of benefits which can be viewed at .

Working with Us - Come and Be Benesch!

We are one of the fastest growing firms in the nation and have offices in Chicago Columbus San Francisco New York City and Wilmington. We continue to expand our geographic footprint and value the talent that comprises each of our locations. If you are someone who champions a First in Service approach and are ready to be part of an exciting and growing Firm we would invite you to apply to join our team.

Want to know more To hear from some of our team click here: is proud to announce the opening for a SOC/Incident Report Engineer in our Columbus office! This position is hybrid and has work from home flexibility.

Position Summary:

Are you excited about detecting and resolving cybersecurity threats and incidents Do you find it a challenge to help an organization reduce threats and enhance their security Does working with teams to develop strategies to improve detection capabilities Then you may be interested in our SOC/Incident Report Engineer position. This role is perfect for the individual looking to play a crucial role in Beneschs security initiatives.

The SOC/Incident Response Engineer is responsible for detecting investigating and responding to cybersecurity incidents across the Firm. This role combines threat detection digital forensics malware triage and cloud security expertise to protect organizational assets reduce risk and strengthen security posture. The SOC/Incident Response Engineer will operate within a 24/7 security operations environment collaborating with cross-functional teams to analyze threats develop response strategies and improve detection capabilities.

POSITION RESPONSIBILITIES

Security Monitoring & Threat Detection

1. Monitors SIEM EDR NDR and cloud-native security tools to identify suspicious activity and potential security incidents.

2. Creates tunes and optimizes detection rules correlation logic and analytic use cases.

3. Conducts threat hunting based on emerging TTPs threat intel and anomaly patterns.

4. Maintains and improves alerting fidelity to reduce false positives and enhance detection precision.

Incident Response & Triage

1. Performs initial triage of security alerts to assess severity impact and required response actions.

2. Leads full incident lifecycle activities including investigation containment eradication recovery and postincident analysis.

3. Coordinates with IT cloud and business teams to execute IR playbooks and minimize operational impact.

4. Documents incidents findings and lessons learned; contribute to afteraction reviews.

Digital Forensics & Malware Analysis

1. Conducts forensic acquisition and analysis of endpoints servers cloud resources and network artifacts (disk memory logs).

2. Examines artifacts such as registry hives event logs file systems network captures browser history and persistence mechanisms.

3. Performs malware triage (dynamic and static) to determine malware behavior indicators of compromise and propagation mechanisms.

4. Maintains chain-of-custody processes and ensure forensic data integrity for potential legal or compliance requirements.

Cloud Security & IR

1. Monitors and responds to security events within cloud environments (e.g. Azure AWS Google Cloud).

2. Investigates cloud-native logs: Azure Activity Logs AWS CloudTrail GCP Audit Logs identity events network flows and storage access.

3. Evaluates cloud security posture identifying misconfigurations risky access patterns and drift.

4. Assists in development of cloud detection logic using native tooling (e.g. Azure Sentinel/Microsoft Defender XDR AWS GuardDuty GCP SCC).

Security Tooling & Automation

1. Maintains and enhances SOC tooling dashboards and automation workflows (SOAR).

2. Builds automated playbooks to speed up triage enrichment and response.

3. Integrates new data sources and improve log ingestion pipelines for SIEM/EDR.

Threat Intelligence & Research

1. Utilizes internal and external threat intelligence to contextualize alerts and strengthen detections.

2. Tracks adversary TTPs based on frameworks such as MITRE ATT&CK.

3. Researches emerging threats vulnerabilities and malware families.

Collaboration Compliance & Reporting

1. Partners with governance engineering and IT teams to ensure effective remediation and long-term control improvements.

2. Supports audit compliance and regulatory requirements related to incident management.

3. Prepares clear concise technical and executive-level reports.

KEY COMPETENCIES

1. Analytical mindset with strong problem-solving skills.

2. Ability to work under pressure during active incidents.

3. Excellent written and verbal communication skills.

4. Strong attention to detail and a commitment to continuous improvement.

QUALIFICATIONS

The SOC/Incident Response (IR) Engineer should have 37 years of experience in a Security Operations Center (SOC) incident response digital forensics or a closely related cybersecurity discipline. A strong technical foundation in networking operating system internals across Windows Linux and macOS identity systems and modern cloud architectures is essential. The role requires hands-on experience with leading security technologies including SIEM platforms such as Microsoft Sentinel or Splunk endpoint detection and response (EDR) and antivirus tools like Microsoft Defender for Endpoint or CrowdStrike and forensic toolsets including Velociraptor Autopsy FTK and KAPE. Experience utilizing malware analysis sandboxes and static analysis frameworks as well as cloud security tools such as Azure Defender AWS GuardDuty and Google Cloud Security Command Center (SCC) is also required. Familiarity with scripting and automation languages particularly Python PowerShell and KQL is highly desirable. Preferred certifications include GIAC GCIA GCFA GCIH or GNFA; AWS Security Specialty or Google Professional Cloud Security Engineer; and industry-recognized credentials such as CISSP CEH or CySA (or their equivalents).

Benesch is an equal opportunity employer. We strongly value and encourage diversity and solicit applications from all qualified applicants without regard to race color gender sex age religion creed national origin ancestry citizenship marital status sexual orientation physical or mental disability (where applicant is qualified to perform the essential functions of the job with or without reasonable accommodations) medical condition protected veteran status gender identity genetic information or any other characteristic protected by federal state or local law.

Applicants who are interested in applying for a position and require special assistance or an accommodation during the process due to a disability should contact the Benesch Human Resources Department by phone at or email Christine Watson at

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

Required Experience:

IC