Kforce Incident Response Engineer in Salt Lake City, Utah

Kforce has a client that is looking for an Incident Response Engineer in Salt Lake City, Utah (UT). Are you passionate about information security? Do you enjoy solving puzzles, addressing complex problems, working in a fast-paced environment, and guiding others in the finer points of cybersecurity incident response? If so, we'd love to hear from you!

Summary:

Our client is seeking a motivated, collaborative, experienced Senior Incident Response Engineer to join our team of dedicated cybersecurity operations professionals! The Cybersecurity Operations Center (CSOC) is responsible for primary cybersecurity incident response, forensics, and cyber resiliency. We work with the latest tools and methods, as well as partners across the rest of the security division, IT, and the cybersecurity industry, but we also know how to roll up our sleeves with some old-fashioned detective work when needed.

Responsibilities:

  • Act as senior, key contributor to the CSOC strategy and technical approach to cybersecurity incident response, including tool/vendor selection and process optimization

  • Respond to cybersecurity incidents, especially as an escalation point for high-priority or highly complex incidents

  • Act as subject matter expert in multiple security tools and processes such as SIEM, IDS, EDR, DLP, and similar

  • Develop and implement monitoring use cases, incident response procedures, playbooks and other technical documentation

  • Collaborate with Cybersecurity Architecture and IT in monitoring and alerting infrastructure, processes and tools

  • Train, mentor and guide other team members (across both the CSOC and other Information Security departments) on incident response practices, tooling and capabilities

Requirements:

  • Technical certifications such as GNFA, CISSP are a plus

  • 8 years of progressive technical experience in one or more technical cybersecurity domains, with at least 2 years of that time in an incident response role

  • Hands-on technical experience with one or more commercial SIEM products such as Splunk Enterprise Security, QRadar, LogRhythm, ArcSight, NetWitness, etc., which should include familiarity with defining and writing alert conditions/use cases in addition to daily use for investigating incidents

  • Deep technical familiarity with networking concepts, architectures and tools, including network traffic analysis, proxies, functionality of network switches, load balancers, routers and firewalls

  • Advanced working knowledge of common attack vectors, different classes of attacks (e.g. passive, active, insider, close-in, distributed, etc.) and general attack stages (e.g. footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)

  • Advanced knowledge of system administration concepts for Unix/Linux and Windows operating systems

  • Development experience with scripting languages such as R, HIVE, Python, JavaScript, etc. is a plus

  • Experience with threat hunting methods and approaches is a plus

Key Success Factors for This Role:

  • Open, collaborative approach to working with colleagues both in the CSOC and on the wider team

  • A proactive, accountable approach to problem-solving and fostering a positive, can-do team culture

  • Ability to take on advanced assignments working directly with the Manager, Cybersecurity Operations Center as well as independently

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Compensation Type: Years
Minimum Compensation: 120000.00
Maximum Compensation: 180000.00