Cyber Incident Response Specialist
4 days ago
**Summary**:
StickmanCyber is seeking a highly experienced Senior Incident Response Analyst with digital forensic expertise to direct and execute the company’s MSSP incident response capabilities. This individual will oversee complex investigations, own IR governance and playbooks, coordinate with cross-functional stakeholders during live incidents, and lead the development and tuning of detection logic across Google SecOps, Sentinel, CrowdStrike and other related security technologies for all customers within the MSSP SOC. This is a mid-level leadership, technically hands-on position supporting StickmanCyber’s MSSP SOC. The role requires handling sophisticated threats, forensics and detection engineering in high-velocity environments. As the Senior DFIR Expert, you will assist our analysts with daily investigations, evaluate emerging compromises and vulnerabilities, and help develop advanced use cases that can be used to detect active or attempted compromise of our clients’ information systems. You are also required to be a personal motivator, working with analysts to develop their careers, their skills, and overall team culture. You are expected to identify ways to positively impact team performance and encourage innovation, while displaying a positive customer service attitude to our partners and clients. Finally, you are required to review current SOC processes and work to improve them so that we offer our clients world-class SOC services.
**Primary DFIR Responsibilities**:
- Lead and manage high-impact cybersecurity incidents through all phases (detection, containment, eradication, and recovery), ensuring minimal business impact.
- Oversee detailed digital forensics investigations across endpoints, servers, and cloud platforms, maintaining evidence integrity, chain of custody, and comprehensive reporting.
- Conduct proactive threat hunting leveraging behavioral analytics, threat intelligence, and hypothesis-driven techniques to identify stealthy adversaries and undetected compromises.
- Develop and enhance detection and hunting playbooks, focusing on MITRE ATT&CK-aligned TTPs, anomaly detection, and continuous improvement of detection coverage.
- Perform root-cause analysis and adversary profiling to uncover vulnerabilities, exploited vectors, and attacker TTPs; translate findings into actionable threat intelligence.
- Collaborate closely with SOC (L1-L3) teams, customers, law enforcement, and third-party IR partners to coordinate containment and recovery activities.
- Provide executive-level reporting and lessons learned to senior leadership, driving enhancements in controls, response workflows, and automation.
- Lead and facilitate incident response exercises, tabletop simulations, and threat hunting sprints to validate readiness and strengthen operational resilience.
- Stay current with evolving threat landscapes, forensic methodologies, and detection technologies, integrating relevant advancements into SOC operations.
- Collaborate with the Security Engineering team to optimize SOAR automations that streamline incident responses and improve analyst efficiency.
- Coach and mentor junior analysts in incident handling, threat hunting, and forensic analysis to uplift team capability and maturity.
- Support critical incidents requiring after-hours response when necessary.
**Essential Skills & Experience**:
- Minimum 5-8 years’ experience in cyber security with strong incident response and/or digital forensics focus.
- Hands-on experience with forensic tools and techniques and log/event analysis.
- Proven experience investigating real-world security incidents, including advanced threats, ransomware, cloud breaches, or APT activity.
- Proficiency with endpoint, server, network, and cloud (AWS/Azure/GCP) forensics and incident response.
- Strong analytical, investigative, and root-cause skills. Ability to write clear incident reports and executive summaries.
- Solid understanding of security frameworks, incident response methodologies (e.g., NIST IR), and threat actor TTPs (e.g., MITRE ATT&CK).
- Experience developing incident response playbooks and forensics workflows.
- Excellent communication skills; able to engage technical teams, stakeholders and executive leadership.
- Relevant certifications (GCIH, GCFA, GREM, CHFI, etc.) are preferred but not mandatory.
**Desirable Attributes**:
- Experience in SOC environments, including L2/L3 escalation and working with SOC triage/hunting teams.
- Familiarity with automation/orchestration (SOAR tools) and scripting of forensic workflows.
- Exposure to regulated environments (e.g., finance, critical infrastructure, government) and handling sensitive data/incidents.
- Ability to coach and mentor other analysts and drive capability building within the team. Comfortable working occasional odd hours where incident coverage is required.
Pay: From $83,612.86 per year
Work Location: In person
Cyber Security Operations Specialist
4 days ago
Osborne Park, Australia. Racing and Wagering Western Australia. Full time. **Company Description**: **About Us** Racing and Wagering Western Australia (RWWA) is at the heart of WA’s racing and wagering industries. As a government trading enterprise, we regulate and develop the State’s racing sector and operate the TAB - a multifaceted wagering business with a presence across more than 300 retail outlets and a growing digital...

Cyber Security Operations Specialist
1 week ago
Osborne Park, Western Australia. RWWA. Full time. $80,000 - $120,000 per year. Company Description. About Us. Racing and Wagering Western Australia (RWWA) is at the heart of WA's racing and wagering industries. As a government trading enterprise, we regulate and develop the State's racing sector and operate the TAB – a multifaceted wagering business with a presence across more than 300 retail outlets and a growing digital platform. Our...

Cyber Security Operations Specialist
2 weeks ago
Osborne Park, Australia. Racing and Wagering Western Australia. Full time. $80,000 - $120,000 per year. Company Description. About Us. Racing and Wagering Western Australia (RWWA) is at the heart of WA's racing and wagering industries. As a government trading enterprise, we regulate and develop the State's racing sector and operate the TAB – a multifaceted wagering business with a presence across more than 300 retail outlets and a growing digital platform. Our...

Cyber Security Operations
6 days ago
Sydney Olympic Park, Australia. NSW Government - NSW Police Force. Full time. **Computer Systems Officer - Level 5**: - **Temporary Full-Time up to 2026**: - **Sydney Olympic Park** **About us** The NSW Police Force (NSWPF) is one of the largest police forces in the western world, with more than 20,000 employees, including more than 4,000 administrative employees who support the sworn officers that provide a range of law and order...

Incident & Problem Manager
12 hours ago
Macquarie Park, Australia. Optus. Full time. **Location**: Macquarie Park, NSW **Company**: Optus **Type**: Full Time **Job ID**: 161122 **Date**: 6 October 2024 1:54 AM We don’t sit back and wait for the future to happen, we are out there crafting our own path through new technology, innovation, and investment. We are truly a challenger brand, with challenger spirit. The Problem and Incident Manager...

Specialist Hub Coordinator
6 days ago
Macquarie Park, Australia. WiSE Medical Specialist Emergency. Full time. WiSE Medical are on the hunt for a Specialist Hub Coordinator to join our Macquarie Park Clinic. Why WiSE Medical? - Innovative Healthcare: Be part of a team dedicated to revolutionising healthcare services. - Collaborative Environment: Work with a dynamic and supportive team that values creativity and teamwork. - Career Growth: WiSE Medical is committed...

Cyber Security Analyst
1 week ago
Oran Park, Australia. Camden Council. Full time. SALARY: $2,146.73 - $2,459.38 pw + Super. Work Type: Temporary Full Time - Up to 12 Months. Location: Oran Park Administration Building - 70 Central Avenue, Oran Park 2570 - Enjoy a 35-hour working week - Flexibility through Flex leave provisions and hybrid work arrangements - Health program including free flu vaccinations, skin checks and health and...

Cyber Security Consultant
2 weeks ago
Macquarie Park, Australia. StickmanCyber. Full time. **Summary**: We are looking for a dedicated and detail-oriented Cyber Security Consultant who is risk-focused and has expertise in conducting ISO 27001 and SOC (Service Organization Control) audits. You will be responsible for evaluating internal controls, assessing risks, and supporting the growth and transformation of our...

SHE Specialist
2 weeks ago
Macquarie Park, Australia. Ecolab. Full time. **About Ecolab**: Every day, we make the world cleaner, safer and healthier - protecting people and vital resources. Ecolab is the global leader in water, hygiene and services. Around the world, businesses in foodservice, food processing, hospitality, healthcare, industrial, mining markets choose Ecolab products and services to keep their environment clean...

Security Delivery Lead
7 days ago
Macquarie Park, Australia. DXC Technology. Full time. $104,000 - $130,878 per year. Job Description: DXC Technology (NYSE:DXC) - where brilliant people embrace change and seize opportunities to advance their careers and amplify customer success. At DXC we pride ourselves on delivering excellence in everything we do. What this means for you is the opportunity to be a part of delivering innovative solutions and helping to solve real business...