SOC Incident Responders

(multiple seniority levels)

Description of the Positions

Our Incident Response, Security Engineering, and Defense Analytics team work together to provide world-class detection and response services critical to business operations, legal compliance, and public relations. Our Incident Response team analyzes events and responds to incidents related to the confidentiality, integrity, and availability of systems and services critical to business operations ranging from impacting the end user to deeply entrenched advanced persistent threats. Additional duties may be added as required to any tier.



  • Internships are expected to last a duration of 6 months and may lead to an offer for a Junior position.
  • Become familiarized with the work environment and gain necessary exposure and skills to operate at 80% of a full-time employee.
  • Use any available downtime to test documented procedures and/or study for one of the following certifications: CompTIA Sec+, CompTIA A+, CompTIA N+, EC-Council CEH, Linux Essentials PDC, Cisco CCT, Microsoft MTA, Apple ACA, GIAC GISF or a similar professional security certification.
  • Spend anywhere from 16-40 hours a week alongside full-time employees as higher education schedule allows.


  • Monitor for and respond to security events and alerts that reflect a risk to the confidentiality, integrity, and/or availability of systems, services, and data.
  • Coordinate over multiple mediums with users and administrators of various roles and backgrounds during incident investigations and response.
  • Collect and analyze raw events and alerts. Construct timelines surrounding activity that is adversarial or otherwise related to the investigation at hand.
  • Provide feedback on alerts received and events reviewed to the betterment of detection capabilities.
  • Identify and resolve opportunities to automate repetitive tasks.
  • Classify and prioritize incidents based on established criteria.
  • Proactively propose improvements for how to reduce risk and potential future incidents.
  • Consistently provide professional-quality customer service.
  • Regularly track work in a ticketing/tracking system with a thoroughness acceptable for knowledge base use and customer consumption.
  • Maintain high level of technical expertise with products in use and the ability to quickly familiarize with related technologies.
  • Stay informed of breaking news and industry best practices from multiple reliable sources and share findings. Attend and contribute to regular team meetings.


  • Formalize and deliver security product tuning requests to improve detection capabilities and overall efficiency.
  • Develop and maintain incident response use incidents, knowledge base articles, and other relevant documentation.
  • Coordinate basic forensics activities as needed.
  • Conduct after action reviews on high impact and otherwise noteworthy incidents to identify process and human capital improvements.
  • Aid in onboarding and mentoring new team members.
  • Drive and Implement continuous improvement, open communication, and sharing of knowledge.
  • Assist with creation, review, and upkeep of internal documentation.
  • Facilitate reasonable out-of-hours communications such as company email and occasional SOC operations related phone calls to resolve escalated issues.
  • Actively encourage team collaboration, cross-training, and documentation.
  • Act as a primary subject matter expert for one or more security products.
  • Act as escalation point for complicated or sensitive work.


  • Coordinate advanced forensics activities as needed.
  • Perform basic malware reverse engineering as needed.
  • Conduct analysis of closed incidents to identify trends and insights that lead to process improvements.
  • Review recently closed incidents and confirm completeness, accuracy, quality of work, attachments, and other critical components.
  • Ensure that team members are following best practices and documented procedures.
  • Supervise and assist with team access and credentials to customer environments.
  • Act as a primary technical point of contact with customers.
  • Ensure customer Service Level Agreements are consistently met or exceeded and identify areas of improvement.
  • Assist or lead in onboarding new customers and other projects.
  • Act as escalation point for highly complicated or sensitive work.
  • Act as a primary subject matter expert for multiple security products.
  • Create or update SIEM rules and related documentation in the form of “use cases.”
  • Work with Red Team to validate the effectiveness of signatures, rules, alarms, etc.


All Levels of Seniority

  • Willing to work in a 24/7 work environment with a flexible work schedule (aimed at 40hrs per work week).
  • Demonstrated experience with the security industry including an understanding of best practices, risk mitigation, and compliance frameworks.
  • Able to function effectively in high stakes and high stress situations.
  • Legally capable of working in the US or EU.
  • Follow a continuous education program and maintain one or more relevant professional certifications.
  • Ability to quickly find answers to questions referencing manuals and/or Internet resources.
  • Fluent in English in both writing and speech (i.e. writing, reading, speaking, and understanding).


  • 1-year experience performing similar duties.
  • Obtain within 1 year and maintain at least of the following certifications (other intermediate certifications will be considered): GSEC, GCIH, CySA+, GCIA, CCENT, GCCC


  • 2 years’ experience performing similar duties.
  • Obtain within 1 year and maintain at least one of the following certifications (other advanced certifications will be considered): GCED, GMON, GCFE, GCFA, CCNA, CCDA


  • 5-years’ experience performing similar duties.
  • Obtain within 1 year and maintain at least one of the following certifications (other expert certifications will be considered): GCDA, GSLC, SSCP, OSCP, GNFA, CCNP, CCIE, GSNA.

Preferred Background

  • One or more security-related certifications from any of the following organizations: GIAC, ISC(2), CompTIA, EC-Council, Offensive Security, PMI, Cisco, Microsoft, Apple, Amazon
  • A valid passport.
  • Bachelor of Information Technology, Computer Science, Computer Engineering, Cybersecurity, Communications, Business or other related fields of study.
  • Demonstrates a personal interest in cybersecurity outside work hours.
  • Experience with regular expressions.
  • Experience writing security product signatures, alerts, etc.
  • Experience in an MSSP environment or performing similar duties.
  • Experience with deploying, maintaining, or using one or more of the following Security Solutions: SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security
  • Programming experience in machine, assembly, high-level, scripting languages.
  • Experienced in reviewing event logs.


  • 401K with 4% match after six months on the job.
  • Partial telephone or Internet reimbursement.
  • Health insurance with one or more care providers to select from (including dental & vision).
  • Performance-based individual and group annual bonuses.
  • Continuing professional education at the cost of CipherTechs.
  • Ability to work from home on some duty days (for employees that report daily to a physical office).


Please email jobs a t with a PDF version of your resume. No recruiters please.