Cybersecurity Incident Commander
Company: TekStream Solutions
Location: Dacula, GA 30019
Description:
This role is ideal for a highly skilled cybersecurity professional with deep expertise in incident response (IR), threat hunting, and Splunk SPL (Search Processing Language). You will play a pivotal role in detecting, analyzing, and responding to sophisticated cyber threats, leveraging Splunk search, Splunk SOAR, and advanced threat intelligence as well as refining Splunk searches for automated deployment across multiple customers.
Key Responsibilities
- Incident Response & Forensics: Lead Level 3 investigations of security incidents, conduct deep-dive forensic analysis, and develop remediation strategies.
- Threat Hunting: Proactively hunt for cyber threats within enterprise environments using advanced analytics and threat intelligence.
- Splunk Expertise: Develop and optimize SPL queries, build correlation searches, and fine-tune detections to enhance SIEM capabilities.
- Threat Intelligence Integration: Utilize threat intelligence to enrich detection capabilities and improve response workflows.
- Automation & SOAR: Leverage Splunk SOAR and other automation tools to streamline incident response processes.
- Security Best Practices: Develop playbooks, runbooks, and provide guidance to junior analysts to improve overall security posture.
- Red Team Collaboration: Work closely with penetration testers and red teams to enhance detection capabilities and improve security defenses.
Qualifications & Skills
- 5+ years of experience in cybersecurity with a focus on incident response, threat hunting, and SOC operations.
- Deep understanding of cyber kill chain, MITRE ATT&CK framework, and adversary tactics, techniques, and procedures (TTPs).
- Strong expertise in Splunk SPL, including writing advanced queries, dashboards, correlation rules, and detections.
- Hands-on experience with Splunk SOAR for security automation and orchestration.
- Experience with malware analysis, digital forensics, memory analysis, and network traffic analysis.
- Knowledge of cloud security (AWS, Azure, or GCP) and detection strategies for cloud-based threats.
- Familiarity with endpoint detection and response (EDR) tools such as CrowdStrike, SentinelOne, Microsoft Defender, etc.
- Scripting and automation skills in Python, PowerShell, or Bash are a plus.
- Relevant certifications such as GIAC GCFA, GCFE, GCIH, OSCP, Splunk Certified Admin/Architect are highly desirable.
Daily Duties
- 50% (approximately 20 hours/week) managing the library of searches
- 25% (approximately 10 hours/week) doing incident commander duties (based on when incidents occur)
- 25% (approximately 10 hours/week) doing proactive threat hunting