Incident Response Engineer

Incident Response Engineer

Insight Global is seeking an Incident Response Engineer for one of our biotech clients in Billerica, MA. This role will be hybrid remote working three (3) days onsite. This role will start as a six (6) month contract with potential extensions and the possibility of converting to a permanent position. In this role you will join our client's growing organization and information security team and will work within the security operations team, reporting to the director, IT infrastructure and security operations. You will respond to security events, conduct analysis of threats such as malware and intrusion attempts, and provide security services to safeguard highly sensitive data. You will work hands-on with detection systems and vulnerability analysis tools to respond to potential threats to their systems. You should be prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis. With your technical expertise, you will be solving security challenges at scale, working to protect the applications that support our client's and their fast-growing business. We are seeking broad and deep technical knowledge, specifically in the fields of forensics, malware analysis, network security, application security, threat hunting, and threat intelligence. Additional responsibilities include:

• Acting as a security multiplier to help scale security incident response
• Preparing post-mortem reports of incidents and presenting findings to the broader team
• Creating and maintaining runbooks to ensure smooth handling of all security incidents
• Leading and participating in incident response tabletop exercises to validate and improve existing processes and procedures and train others on their roles and responsibilities during an incident
• Monitoring and analyzing security logs, using KQL queries in Microsoft Sentinel, to identify potential security breaches
• Building, refining, and maintaining analytic rules, workbooks, hunting queries, and dashboards in Microsoft Sentinel to enhance detection and response capabilities
• Automating incident response and enrichment processes using logic apps, automation rules, and playbooks in Sentinel
• Assessing vulnerabilities within the environment, conducting risk-based prioritization of vulnerabilities, and assisting in remediation
• Leading and coordinating responses to cyber threats, including incidents identified in Microsoft Defender for Endpoint

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.

Skills and requirements:

• 5+ years of experience in incident response
• Extensive experience with Microsoft Defender for endpoint protection and response
• Experience with Microsoft Sentinel (SIEM/SOAR)
• Experience with vulnerability management solutions
• Experience with scripting tools (Python, PowerShell, Bash, KQL, etc.) for automation
• Industry certifications (Microsoft Security, SANS, ISC2, etc.)
• Experience in biotech/pharma industry