Sr. Incident Responder

Published date Posted on Indeed on Oct 04, 2021 (15 d ago)

About CipherTechs, Inc.

CipherTechs is a global Cyber Security service provider founded in 2001 that remains privately held with headquarters in New York City. We are completely and exclusively focused on cyber security and provide a full-service solution portfolio. We service our customers through the following main practice areas: Offensive Security Services, Audit & Compliance, Defensive & Managed Services, Digital Forensics & Incident Response, General Consulting.

As a managed services security provider (MSSP), CipherTechs maintains multiple security operations centers, staffed 24x7, with the responsibility of identifying, containing and responding to security incidents for major organizations worldwide.

This managed security service is backed by security engineers that are trained and certified in dealing with incident response and digital forensic investigations. These engineers have obtained certifications from industry-wide organizations such as ISC2, SANS, and ISACA, and possess extensive product experience with the solutions that are used to secure our customers environments.

Description of the Position

SOC Incident Responder

Our Incident Response, Security Engineering, and Defense Engineering teams work together to provide world-class detection and response services critical to business operations, legal compliance, and public relations. Our Incident Response team analyzes events and responds to incidents related to the confidentiality, integrity, and availability of systems and services critical to business operations ranging from impacting the end user to deeply entrenched advanced persistent threats.

***Preferred candidate will be located in the Pacific Time Zone***


  • Coordinate and advise clients on escalated incident triage and response.
  • Conduct analysis of closed incidents to identify trends and insights that lead to process improvements.
  • Review recently closed incidents and confirm completeness, accuracy, quality of work, attachments, and other critical components.
  • Act as escalation point (including on-call rotations) for highly complicated or sensitive work and follow through to ensure quality of work and expectations are met. Document and train others to minimize escalations.
  • Monitor cases, incidents, etc. for opportunities to help investigations, tune signatures, or otherwise improve services and team expertise.
  • Create and maintain "use cases" in a centralized library.
  • Create and maintain SIEM rules, dashboards, lookup lists, threat intelligence feeds and other content.
  • Maintain central signature database and deployment of signatures to clients.
  • Work with Red Team to validate the effectiveness of signatures, rules, alarms, etc.
  • Identify and resolve opportunities to update documentation for the betterment of the team and services provided (policies, procedures, knowledgebase articles, etc.).
  • Ensure that documentation aligns with industry best practices and common compliance frameworks where reasonable and possible.
  • Act as a primary subject matter expert for multiple security products.
  • Regularly provide training to peers in the Blue Team to ensure a solid baseline of skill and experience.
  • Act as a primary technical point of contact with customers.
  • Supervise and assist with team access and credentials to customer environments.
  • Assist or lead in onboarding new customers and other projects.
  • Maintain familiarity with client contracts and identify out of scope work, opportunities for deepening relationship and improving services, etc.
  • Address ad-hoc client requests that fall within scope of work and escalate those that do not.


  • Willing to work in a 24/7 work environment with a flexible work schedule (aimed at 40hrs per work week).
  • Demonstrated experience with the security industry including an understanding of best practices, risk mitigation, and compliance frameworks.
  • Able to function effectively in high stakes and high stress situations.
  • Legally capable of working in the US or EU.
  • Follow a continuous education program and maintain one or more relevant professional certifications.
  • Ability to quickly find answers to questions referencing manuals and/or Internet resources.
  • Fluent in English in both writing and speech (i.e. writing, reading, speaking, and understanding).


  • 5-years' experience performing similar duties.
  • Obtain within 1 year and maintain at least one of the following certifications (other expert certifications will be considered): GCDA, GSLC, SSCP, OSCP, GNFA, CCNP, CCIE, GSNA.

Preferred Background

  • One or more security-related certifications from any of the following organizations: GIAC, ISC(2), CompTIA, EC-Council, Offensive Security, PMI, Cisco, Microsoft, Apple, Amazon
  • A valid passport.
  • Bachelor of Information Technology, Computer Science, Computer Engineering, Cybersecurity, Communications, Business or other related fields of study.
  • Demonstrates a personal interest in cybersecurity outside work hours.
  • Experience with regular expressions.
  • Experience writing security product signatures, alerts, etc.
  • Experience in an MSSP environment or performing similar duties.
  • Experience with deploying, maintaining, or using one or more of the following Security Solutions: SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security
  • Programming experience in machine, assembly, high-level, scripting languages.
  • Experienced in reviewing event logs.

Job Type: Full-time

Pay: $100,000.00 - $135,000.00 per year


  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Employee assistance program
  • Flexible spending account
  • Health insurance
  • Health savings account
  • Life insurance
  • Paid time off
  • Professional development assistance
  • Referral program
  • Tuition reimbursement
  • Vision insurance


  • Day shift

Supplemental Pay:

  • Bonus pay

Application Question(s):

  • Are you willing to submit to a background check?


  • SIEM: 5 years (Required)
  • Event log: 5 years (Required)
  • Network IDS/IPS: 5 years (Required)

Work Location:

  • Fully Remote

Work Location: Remote

Let us know

Help us maintain the quality of jobs posted on RemoteTechJobs and let us know if:

Error on reporting

Related jobs

BJ's Wholesale Club BJ's Wholesale Club |
3 d ago

Join a team of more than 25,000 team members, comprised of our home office and over 215 clubs and 3 distribution centers in 17 states. We’re committed to delivering value and convenience to our Members, helping them save every day on everything they need for their family an

Syneos Health Clinical Syneos Health Clinical |
4 d ago

Sr Info Cybersecurity Analyst - (21011698)DescriptionJOB SUMMARYResponsible for analyzing security controls for information systems with increasing levels of complexity and breadth. Safeguards the network against unauthorized infiltration, modification, destruction, or disclosure

Reporting to: Security Operations ManagerIntroduction:Our goal at Pivotree is to help accelerate the future of frictionless commerce. We will help lead this change over the next decade because we believe a future where technology is embedded intimately into all aspects of our eve

Overview:For more than 30 years, NCI Information Systems has been a leading provider of digital transformation solutions and services to U.S. government agencies. With its Empower™ platform, NCI is at the forefront of implementing artificial intelligence (AI) solutions to s

We are looking for a results-oriented individual who will be responsible for ensuring the availability, confidentiality, and integrity of the Consensus business' data assets.The Application Security Engineer will be an innovative, self-driven, team player. The Application Securit

More jobs by this company

Ciphertechs Ciphertechs |
15 d ago

Description of the Position:Jr. Incident ResponderOur Incident Response, Security Engineering, and Defense Analytics team work together to provide world-class detection and response services critical to business operations, legal compliance, and public relations. Our Incident Res