Job Description: • Understand that as the Tier 3 (highest level) engineer, you’re expected to handle potential incidents and act as the as a subject matter expert for all security-related tickets that come into the team's various queues (including triage, containment, and remediation when necessary). • Receive incident escalations from Tier 1 and 2 analysts, assisting with real-time advanced analysis, response, and reporting. • Mentor and assist in training Tier 1 and 2 analysts to aid in their skills development and analytical capabilities. • Proactively hunt for threats and enacting identification, containment, and eradication measures while supporting recovery efforts. • Serve as a point person for coordination with appropriate parties during a security incident – client, management, legal, security, operations, etc. • Create thorough reports and documentation of all incidents and procedures, presenting findings to team and leadership on a routine basis. • Incident Response: remote remediation when possible and working with onsite teams when necessary. • Detailed documentation of events and remediation steps taken. • Root Cause Analysis: initiation and follow-through to ensure quality forensic materials are captured, writing reports with details and timelines of events with recommendations to avoid future occurrences. • Assist in the general maintenance and improvement of procedures, processes and playbooks. • Conduct research regarding the latest methods, tools, and trends in digital forensics analysis. • Conduct analysis using logs, previous alerts, etc. to identify trends to identify and prevent potential incidents. • Follow standard operating procedures (SOPs) to ensure tickets are triaged appropriately and in a timely manner, according to SLAs. • Excel at documentation and detailed notetaking, including SOP writing, incident reporting, e-mail and instant messaging etiquette, and most importantly, documenting incident actions in tickets. • This role is responsible for completing incident reports and forensic reports, when appropriate, so competent writing skills are necessary. • Ability to know when to appropriately escalate a potential issue to peers and/or leadership. • Desire to learn new concepts and technologies to grow and take on more responsibility over time. • Ability to communicate risk, prioritize incident response actions, and keep a cool head under pressure. • Advanced experience with security tools like Splunk, CrowdStrike EDR, Carbon Black EDR, Proofpoint tools, Microsoft Defender components, Cyberhaven DLP, Axiom Cyber and open-source forensic tools, Cylance Protect, Office 365 tools, PowerShell, and various network tools, etc. • Understanding the various stages of incident response, the importance and critical factors of an investigation, and how to contain as soon as possible. • Have experience with the incident response lifecycle, the Lockheed Martin Cyber Kill Chain, the MITRE framework, and the forensic workflows as outlined by NIST. • Work with development teams to ensure they're using best practices and company processes in their daily activities. • Drive self-organization; help determine how the team functions in collaboration with your peers. • Build strong relationships with cross-functional team members between the three tiers of the CSOC. • Participate in off-hours on-call incident handler rotation, which is a requirement for this role, as incidents may be escalated outside of normal business hours by our 24/7/365 Tier 2 team. Tier 3 teammates rotate on-call responsibilities which requires each teammate to be formally on-call roughly one week a month. Requirements: • Bachelor's degree or higher in cyber security, computer science, or related field. • 6-10 years of cyber security experience, including at least five years in an incident response role. • Completion of the GIAC Certified Incident Handler (GCIH), GIAC Security Operations Certified (GSOC), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), or equivalent. • Experience with endpoint detection and response (EDR) solutions, including a fundamental understanding of memory processes and memory management practices for Windows, macOS, and Linux systems. • Information Security familiarity and training, including areas such as incident response, computer forensics (host and network-based), malware analysis, risk assessment, vulnerability testing, penetration testing, and insider threat investigations. • Experience participating in penetration tests, purple team exercises, and threat hunts, including remediation. • Experience in distributed systems and cloud-based architecture including Amazon AWS, Microsoft Azure, and the native security tools available in these environments (Data Explorer, GuardDuty, Log Analytics, etc.). • Experience with detection engineering for endpoint detection and response (EDR) solutions, Security Information and Event Management (SIEM) solutions such as Splunk and