Senior Incident Responder- West Region

*Working hours for the position are 9:00-17:00 PST (12:00-20:00 EST)*

The Senior Incident Responder manages and mitigates incidents in the Security Operations Center. You are responsible for detecting, analyzing and responding to security incidents, ensuring that threats are identified and mitigated. You will lead incident response processes and investigations, provides guidance and mentorship to team members and collaborates with other teams to maintain a strong security posture. This position would also provide timely executive summaries to upper management on breaking threats and vulnerabilities.

What you will do:

As part of the Information Security team your responsibilities will be as follows-

• Provide analysis and trending methods of security log data of heterogeneous security devices
• Provide incident response ("IR") support for both the enterprise and the company's managed security services offering
• Provide threat and vulnerability analysis as well as security advisory services
• Investigate, document and report on information security issues and trends that are observed through security monitoring
• Integrate and share information with other analysts and other teams within SEI
• Monitor implemented network and other security control activities and perform threat analysis on traffic, including but not limited to vulnerability/exploit detection, virus detection, identification of false positives, evasion detection and more
• Create tickets in SEI's systems for tracking of incidents, threats and vulnerabilities
• Operate as a member of the Information Security's core Incident Response team
• Maintain active participation in at least one trust circle/threat intelligence sharing entity
• Create internal and external documents (and content) explaining complex security information in a clear and concise manner. "Documents" could be in the form of White Papers, responses to industry changes or events, blog posts, presentations, knowledge base articles, etc.
• Assist in creating documentation and communication materials to enhance collaboration between the IR team and the first level SOC, while also providing mentorship to support the team's development and effectiveness
• Conduct discovery and research to determine what changes are required to existing assets, assess which assets are impacted by the changes, and draft new language to incorporate into the assets
• Support the Information Security team in threat tracking, vulnerability, SOC focused communication, and other communication efforts as needed

What we need from you:

• Bachelor's degree in relevant field
• Relevant industry certifications (GCIH, GMON, GCFA, CISSP) preferred
• At least 5 years of hands-on experience with SIEM, IDS/IPS, endpoint detection and response (EDR), and network monitoring solutions to detect and mitigate threats
• Strong background in digital forensics, malware analysis, and threat intelligence platforms to support investigation and response efforts
• Hands-on experience in detecting, investigating, and mitigating security incidents across cloud platforms (AWS, Azure, OCI, GCP)
• Proven experience in leading security incidents and investigations, including coordinating cross-functional response efforts, performing root cause analysis, and driving remediation strategies to mitigate future risks
• Must be able to work produce quality work in a remote environment
• Experience scripting in PowerShell, Python, Go, Perl or other languages a plus

What we would like from you:

• Ability to adapt to changing priorities and willing to learn and advise on new developments and patterns
• Good analytical and interpersonal skills
• Excellent verbal and written communication skills

SEI's competitive advantage: