Job Closed
This listing is no longer active.
Here you can create the extraordinary. Join us.
Senior Cyber Incident Response Engineer
Location
United States
Posted
3 days ago
Salary
$140K - $175K / year
Seniority
Senior
Job Description
Senior Cyber Incident Response Engineer
NBCUniversal
Role Description We are seeking a Senior Cyber Incident Response Engineer to design, automate, integrate, and continuously improve the technical systems, workflows, and tooling used to detect, investigate, contain, and recover from cybersecurity incidents. This role combines hands-on response engineering with incident readiness and operational improvement, helping ensure responders have the automation, telemetry, access, and processes needed to act quickly and effectively. The ideal candidate brings strong incident response and DFIR expertise, practical engineering skill, and the ability to turn repeated operational pain points into scalable, reliable capabilities that improve response quality and reduce time to action. - Design, build, and improve automated evidence collection capabilities that increase the speed, consistency, and completeness of incident investigations. - Create and maintain SOAR playbooks that orchestrate investigation, enrichment, containment, notification, and recovery workflows. - Integrate SIEM, EDR, IAM, cloud, email, case management, and threat intelligence platforms to enable unified response actions and stronger analyst context. - Develop and deploy response tooling that may utilize AI to improve response capabilities across cloud, endpoint, identity, SaaS, email, and data platforms. - Develop scripts, tools, and integrations that support triage, containment, enrichment, forensic collection, and operational response workflows. - Ensure responders have the logs, telemetry, access, and tooling needed to investigate and respond without unnecessary delay. - Build dashboards, operational views, and incident metrics that measure response performance, workflow health, and process effectiveness. - Identify repeated manual analyst tasks and turn them into safe, scalable, and repeatable automation. - Review incident response plans, identify readiness gaps, and help develop practical strategies to improve preparedness. - Design and optimize incident response playbooks aligned to relevant threats, operating models, and business needs to allow for quick identification and response to potential incidents. - Collaborate with Response Operations and Automation team stakeholders for prioritization, automation creation, and integrations with security tooling. - Facilitate or support tabletop exercises, drills, and readiness activities to validate plans and improve operational performance. - Lead or support complex investigations involving host, network, identity, email, and cloud artifacts to determine nature, scope, and root cause. - Partner with cross-functional teams to guide containment, remediation, recovery, and post-incident improvement activities. - Brief technical teams and leadership on findings, risks, recommendations, and response decisions during and after incidents. - Contribute to incident response standards, methodologies, documentation, and internal knowledge sharing. - Participate in an incident response on-call rotation, including weekend coverage, as required. Qualifications - 5+ years of relevant cybersecurity experience in either incident response, DFIR, detection engineering, threat hunting, and or SOC escalation. - 2+ years of security automation / cyber defense engineering. - Strong proficiency with Python, PowerShell, Bash, or similar scripting languages used for automation and response engineering. - Ability to lead projects with little guidance, and strong communication. - Knowledge of SIEM, SOAR, EDR, Data Lake, and enterprise security tooling and methodologies. - Experience handling security incidents and investigating a multitude of cyber threats with various TTPs across multiple enterprise platforms. - Experience building and maintaining API integrations across security and enterprise platforms. - Working knowledge of SIEM query languages such as SPL, KQL, SQL, or equivalent analytics languages. - Experience with EDR response actions, investigation workflows, and endpoint containment techniques. - Experience designing, building, or operating SOAR platforms and automated playbooks. - Strong understanding of endpoint, identity, network, cloud, email, and SaaS telemetry, including logging, evidence collection, and containment actions across modern environments. - Experience collecting and using forensic artifacts to support investigations across endpoints, identities, cloud services, email, or SaaS platforms. - Ability to design for scale, repeatability, automation, reliability, and reduced response time in a production security environment. - Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, Digital Forensics, or a related field, or equivalent practical experience. Requirements - 7+ years of relevant cybersecurity or security operations experience. - Demonstrated ownership of incident response engineering, automation, forensic collection, containment workflows, or large-scale security operations improvements. - Experience conducting threat intelligence, threat detection, malware analysis, or forensic analysis in security incidents as a team. - Experience building and leveraging AI-assisted tooling in investigation or triage workflows for a large, distributed enterprise environment. - Experience integrating case management, email security, identity platforms, cloud services, and threat intelligence into response workflows. - Experience building analyst-facing dashboards, metrics, and reporting that show operational health and response effectiveness. - Strong understanding of cloud technologies, AI agents, and LLMs. - Familiarity with secure automation guardrails, approval models, and change control for containment actions. - Experience with detection engineering and the operationalization of alerts, enrichments, and response workflows. - Experience improving responder access to logs, telemetry, and investigative tooling across multiple security domains. - Relevant certifications are preferred rather than required. Preferred certifications may include GCIH, GCFA, GCFE, GNFA, EnCE, CFCE, GCIA, GSEC, CySA+, Blue Team Level 2, AWS Security Specialty, Azure Security Engineer, Google Cloud Security Engineer, CISSP, CISM, GPEN, OSCP, or PNPT. Benefits - This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. - Salary range: $140,000 - $175,000 (bonus eligible). Additional Requirements - This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.
Related Guides
Related Categories
Related Job Pages
More Incident Response Analyst Jobs
• Efficiently manages reconstruction portion of loss for insurance carrier and expedite closure of files • Regular communication and active file management throughout the reconstruction process • Evaluates extent of reconstruction needed and discusses the reconstruction process with the insured • Review loss and coverage information and determine if the loss will be within policy limits • Verifies status of files with Insurance Carrier • Works in partnership with assigned contractor • Communicates with customer to recommend reserve amount based on exposure
• Assist with investigative and forensic analysis across endpoints, network logs, and cloud telemetry under the direction of senior analysts • Support containment and response actions to neutralize active threats as directed by Incident Advisors or Senior Analysts • Triage and review alerts, indicators of compromise (IOCs), artifacts, and telemetry, escalating findings to senior analysts to help determine scope and root cause • Maintain clear and accurate engagement documentation, including trailheads, timelines, and playbooks • Develop incident response skills through hands-on engagements while following CIRT investigative and documentation standards • Contribute technical findings and summaries to support customer updates and post-incident reports • Identify and communicate detection or response gaps observed during investigations • Participate in shift handovers, debriefs, and post-incident reviews to ensure engagement continuity • Maintain accurate time and activity tracking to support operational visibility and service improvement
CIS SERVICE DELIVERY MANAGEMENT-CIS INCIDENT MANAGEMENT
ZensarAt Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus. Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.
Role Description - Good understanding of Control-M Architecture and Agent/Server Communication - Good knowledge on Control-M tool to manage batch jobs, familiarity with features and usage of tool - Basic Unix - ITIL knowledge Good to have: - Experience of handling Priority incidents and critical issues related to Control-M - Basic MS SQL or Oracle Soft Skills: - Experience in 24*7 batch monitoring and production support - Excellent problem-solving skills and attention to detail - Ability to work collaboratively in a team - Strong communication and interpersonal skills Company Description At Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus. Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. Explore Life at Zensar and join us to Grow. Own. Achieve. Learn. to be the best version of yourself. We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.
Role Description cFocus Software seeks a Incident Response Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance. Qualifications - Public Trust Clearance - B.S. Computer Science, Information Technology, or a related field - 5+ years of cybersecurity experience - 5+ years supporting cybersecurity incident response or Security Operations Center (SOC) environments - Experience investigating security incidents across Windows, Linux, cloud, and enterprise networks - Experience with SIEM technologies and security monitoring platforms - Experience performing incident triage and root cause analysis - Knowledge of malware analysis and digital forensics concepts - Understanding of NIST Cybersecurity Framework and NIST SP 800-61 Incident Handling Guide - Ability to obtain and maintain required NIH suitability/background investigation - Active GCIH, GCFA, GCIA, CISSP, CySA+, Security+, CEH, CHFI, CISM, or GSEC Requirements - Monitor security events across the NIH/OD-OIT environment - Detect, analyze, and respond to cybersecurity incidents affecting enterprise systems - Perform incident triage to determine scope, severity, urgency, and operational impact - Support incident containment, eradication, recovery, and restoration activities - Investigate suspected security incidents within established response time requirements - Coordinate incident handling activities with NIH and HHS cybersecurity organizations - Monitor enterprise security logs and alerts - Perform network and host-based intrusion detection - Monitor cloud applications and cloud infrastructure - Support continuous 24x7 security monitoring operations - Identify indicators of compromise (IOCs) and suspicious activity


