Cybersecurity IR Engineer (remote) at Corus Group, LLC

Posted in Other about 4 hours ago.

Location: Nashville, Tennessee





Job Description:

Position Description

This exciting opportunity is a full-time, permanent role with Converge. As an Engineer within the Cybersecurity Strategy & Defense practice, you will act as a trusted advisor to our client base. The Engineer will provide expertise and guidance in technical service delivery efforts, specifically around Incident Response and Endpoint Detection technologies. The Engineer will also be involved in refining IR processes and consulting clients on cybersecurity best practices. We invest heavily in our team members growth with cross-technology and certification training.



Key Responsibilities

  • Regularly monitor IR queues and assign tickets based on your area of expertise.
  • Triage and resolve tickets using QuickBooks and collaborate with team members as needed.
  • Conduct proactive threat hunts by developing hypotheses based on client specific threats and vulnerabilities.
  • Create and update IR QuickBooks (runbooks) informed by your experience with detection use cases.
  • Participate in required meetings and collaborate on addressing critical issues.
  • Develop subject matter expertise (SME) in one or more security technologies.
  • Assist with the IR content migration from Splunk Ad-Hoc to Splunk ES (Enterprise Security).
Maintain a comprehensive understanding of the CrowdStrike environment to manage tasks such as:
  • Assessing the impact of recent CrowdStrike release notes and technical alerts, and implementing changes in accordance with client change management policies.
  • Creating and modifying Fusion workflows to enhance IR operational efficiency.
  • Developing and updating custom IOAs to detect specific threats relevant to client.
  • Possess a basic understanding of the Splunk environment and the ability to:
  • Use SPL (Search Processing Language) proficiently.
  • Create and modify saved searches tailored to IR operational needs.

Competencies & Qualifications

  • 3+ years of experience in a professional cybersecurity capacity
  • 2+ years of experience working within Incident Response
  • Hands-on experience with Crowdstrike is required
  • Hands-on experience with Splunk is required
  • Crowdstrike & Splunk certifications are a big plus
  • Defensive & Response cybersecurity certifications via SANS are a big plus

Work Environment

  • Remote, work from home
  • Although this role is remote, candidates must be physically based within Alabama, California, Georgia, Indiana, Kentucky, Michigan, Missouri, Ohio, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, Florida or Washington

Total Rewards


We offer a comprehensive total rewards package that includes base salary, quarterly bonus, healthcare benefits, 401k match, company stock match program, PTO/holiday, training/development and so much more.
More jobs in Nashville, Tennessee


Kroger

Kroger

Elevance Health
More jobs in Other


Allyon

Allyon

Allyon