Incident Response Engineer
Motorola Solutions
⚲ Kraków
13 000 - 18 000 PLN gross (employment contract)
Requirements
- Cyber Kill Chain
- SOAR
- SIEM
- Incident Response
- MITRE ATT&CK
Job description
Motorola Solutions is seeking a battle-tested Incident Response Engineer to join our world-class security program. You will lead investigations of high-impact events and act as a proactive hunter tasked with reducing attacker dwell time. In addition, you will lead projects to create new security capabilities and improve existing ones.

Core Focus: Incident Leadership & Response
• Lead High-Impact Incidents: Act as the primary Incident Response Lead (IRL) for complex security events, directing containment, eradication, and recovery.
• Advanced Digital Forensics: Perform deep-dive analysis (host, memory, network) to determine breach scope and impact.
• Root Cause & Remediation: Execute thorough Root Cause Analysis (RCA) and lead After-Action Reviews (AAR) to ensure every incident results in a permanent security improvement.
• Containment Strategy: Develop and deploy immediate strategies to isolate threats and minimize organizational damage.

Detection, Analysis & Hunting
• Proactive Threat Hunting: Design and execute hunt missions to identify undetected malicious activity.
• Detection Engineering: Tune SIEM/EDR rules and develop high-fidelity detections based on Purple Team findings and emerging threat intel.
• Malware Analysis: Conduct static and dynamic analysis to understand adversary TTPs and extract actionable IOCs.
• SOC Escalation: Serve as the final technical authority for high-priority security anomalies.

Strategy & Process Improvement
• Playbook Development: Create and refine IR plans, runbooks, and SOPs to automate repetitive tasks and increase efficiency.
• Security Architecture: Evaluate and tune security tools (SOAR, EDR, SIEM) to enhance global posture.
• Mentorship: Coach junior staff on advanced forensic techniques and investigative logic.

Basic Requirements
• 2+ years of experience in a similar position.
• Proven track record leading high-severity investigations and mentoring junior analysts through complex response efforts.
• Advanced experience using SIEM (Palo Alto XSIAM, Google SecOps, Splunk SIEM) and SOAR (Palo Alto XSOAR, XSIAM) tools to detect, investigate, and automate threat response.
• Deep familiarity with MITRE ATT&CK and the Cyber Kill Chain to identify and pivot on attacker TTPs across Windows, Linux, and macOS.
• Ability to build tools and automate workflows using Python, PowerShell, or Bash.
• Skilled at distilling complex technical data into succinct reports and able to support high-pressure incidents.
• Willing to work during non-standard hours and be part of an on-call rotation schedule.