Principal Engineer - Cyber Incident Response

What you will be doing
Position Summary
The Principal Engineer, Cyber Incident Response, will serve as a senior technical expert within the global Cyber Defense team. This role is responsible for leading complex investigations, advancing detection and response capabilities, and providing deep technical expertise during major incidents. The Principal Engineer will collaborate closely with global SOC teams, threat intelligence, vulnerability management, and forensics functions to contain, investigate, and eradicate cyber threats. This position requires advanced technical skills in incident response, threat hunting, malware analysis, and forensic investigations, as well as the ability to influence security architecture and detection engineering across the enterprise.
Primary Duties and Responsibilities

• Lead technical response and investigation of complex and high-severity security incidents, including advanced persistent threats, ransomware, and insider activity.
• Provide hands-on expertise in forensic analysis, malware reverse engineering, and threat hunting across endpoints, networks, and cloud environments.
• Develop and refine incident response playbooks, detection rules, and automation to improve SOC efficiency and response times.
• Partner with engineering teams to design and implement resilient detection and response capabilities across SIEM, EDR, SOAR, and cloud platforms.
• Mentor and provide technical guidance to SOC analysts, incident responders, and engineering teams.
• Collaborate with threat intelligence teams to translate threat actor tactics, techniques, and procedures (TTPs) into actionable detection and response strategies.
• Serve as a technical escalation point during major incidents and contribute to root cause analysis and lessons learned reporting.
• Contribute to red/blue/purple team exercises to validate detection and response effectiveness.
• Provide input on security architecture, tooling enhancements, and emerging technologies to strengthen enterprise cyber defense.

What your background should look like
Education and Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent work experience; Master's degree preferred.
• Advanced knowledge of incident response methodologies, digital forensics, malware analysis, and adversary simulation.
• Familiarity with industry frameworks such as NIST, MITRE ATT&CK, and ISO 27035.

Preferred Certifications

• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Reverse Engineering Malware (GREM)
• GIAC Certified Forensic Analyst (GCFA)
• Offensive Security Certified Professional (OSCP)
• Certified Information Systems Security Professional (CISSP) or equivalent senior-level certification a plus

Work Experience

• 10+ years of progressive experience in cybersecurity, with at least 7 years focused on incident response, threat hunting, or forensic investigations.
• Demonstrated expertise in analyzing and responding to advanced cyber threats in large enterprise environments.
• Hands-on experience with SIEM, EDR, SOAR, and forensic tools (e.g., Splunk, CrowdStrike, EnCase, Magnet, Wireshark).
• Experience with malware reverse engineering, memory forensics, and scripting/automation (Python, PowerShell).
• Proven ability to serve as a technical authority and mentor within a global SOC or incident response team.
• Strong communication skills, with the ability to clearly present complex technical findings to both technical and executive stakeholders.

Schedule
Full time