Incident Response Engineer
Motorola Solutions Systems Polska
Location: Kraków
13 000 - 18 000 PLN (PERMANENT)
Requirements
- Incident Response
- SIEM
- SOAR
- Mitre ATT&CK
- Cyber Kill Chain
Job description
About the project: Motorola Solutions is seeking a battle-tested Incident Response Engineer to join our world-class security program. You will lead investigations for high-impact events and act as a proactive hunter tasked with reducing attacker dwell time. In addition, you will lead projects to create new security capabilities and improve existing ones.

Requirements:
- 2+ years of experience in a similar position
- Proven track record leading high-severity investigations and mentoring junior analysts through complex response efforts
- Advanced experience using SIEM (Palo Alto XSIAM, Google SecOps, Splunk SIEM) and SOAR (Palo Alto XSOAR, XSIAM) tools to detect, investigate, and automate responses to threats
- Deep familiarity with MITRE ATT&CK and the Cyber Kill Chain to identify and pivot on attacker TTPs across Windows, Linux, and macOS
- Ability to build tools and automate workflows using Python, PowerShell, or Bash
- Skilled at distilling complex technical data into succinct reports and able to support high-pressure incidents
- Willing to work during non-standard hours and be part of an on-call rotation schedule

Daily tasks:

Core Focus: Incident Leadership & Response
- Lead High-Impact Incidents: Act as the primary Incident Response Lead (IRL) for complex security events, directing containment, eradication, and recovery
- Advanced Digital Forensics: Perform deep-dive analysis (host, memory, network) to determine breach scope and impact
- Root Cause & Remediation: Execute thorough Root Cause Analysis (RCA) and lead After-Action Reviews (AAR) to ensure every incident results in a permanent security improvement
- Containment Strategy: Develop and deploy immediate strategies to isolate threats and minimize organizational damage

Detection, Analysis & Hunting
- Proactive Threat Hunting: Design and execute hunt missions to identify undetected malicious activity
- Detection Engineering: Tune SIEM/EDR rules and develop high-fidelity detections based on Purple Team findings and emerging threat intelligence
- Malware Analysis: Conduct static and dynamic analysis to understand adversary TTPs and extract actionable IOCs
- SOC Escalation: Serve as the final technical authority for high-priority security anomalies

Strategy & Process Improvement
- Playbook Development: Create and refine IR plans, runbooks, and SOPs to automate repetitive tasks and increase efficiency
- Security Architecture: Evaluate and tune security tools (SOAR, EDR, SIEM) to enhance global security posture
- Mentorship: Coach junior staff on advanced forensic techniques and investigative logic