Senior Cyber Incident Response Engineer

We are seeking a Senior Cyber Incident Response Engineer to design, automate, integrate, and continuously improve the technical systems, workflows, and tooling used to detect, investigate, contain, and recover from cybersecurity incidents. This role combines hands-on response engineering with incident readiness and operational improvement, helping ensure responders have the automation, telemetry, access, and processes needed to act quickly and effectively. The ideal candidate brings strong incident response and DFIR expertise, practical engineering skill, and the ability to turn repeated operational pain points into scalable, reliable capabilities that improve response quality and reduce time to action.

Key Responsibilities:

Design, build, and improve automated evidence collection capabilities that increase the speed, consistency, and completeness of incident investigations.
Create and maintain SOAR playbooks that orchestrate investigation, enrichment, containment, notification, and recovery workflows.
Integrate SIEM, EDR, IAM, cloud, email, case management, and threat intelligence platforms to enable unified response actions and stronger analyst context.
Develop and deploy response tooling, which may utilize AI, to improve response capabilities across cloud, endpoint, identity, SaaS, email, and data platforms.
Develop scripts, tools, and integrations that support triage, containment, enrichment, forensic collection, and operational response workflows.
Ensure responders have the logs, telemetry, access, and tooling needed to investigate and respond without unnecessary delay.
Build dashboards, operational views, and incident metrics that measure response performance, workflow health, and process effectiveness.
Identify repeated manual analyst tasks and turn them into safe, scalable, and repeatable automation.
Review incident response plans, identify readiness gaps, and help develop practical strategies to improve preparedness.
Design and optimize incident response playbooks aligned to relevant threats, operating models, and business needs, allowing potential incidents to be identified and responded to quickly.
Collaborate with Response Operations and Automation team stakeholders on prioritization, automation creation, and integrations with security tooling.
Facilitate or support tabletop exercises, drills, and readiness activities to validate plans and improve operational performance.
Lead or support complex investigations involving host, network, identity, email, and cloud artifacts to determine the nature, scope, and root cause of an incident.
Partner with cross-functional teams to guide containment, remediation, recovery, and post-incident improvement activities.
Brief technical teams and leadership on findings, risks, recommendations, and response decisions during and after incidents.
Contribute to incident response standards, methodologies, documentation, and internal knowledge sharing.
Participate in an incident response on-call rotation, including weekend coverage, as required.

Job ID: 744000131453859
Detail URL: https://jobs.smartrecruiters.com/NBCUniversal3/744000131453859
Search Meta: 51515326 Operations & Technology Cyber Security Information Technology United States All Remote
Job Reference Number: 51515326
Multi Location: No
Is Remote Job?: Yes