3,787 Incident Responder jobs in the United States
Incident Responder
Posted 8 days ago
Job Viewed
Job Description
Pay Rate: $57.69 - $62.50
**US Citizenship is required.**
**Candidate must possess an Active Top Secret/SCI Security Clearance.**
The Incident Responder facilitates and coordinates with the Deputy CISO, CISO, and other leaders to provide expert technical support to the enterprise-wide cyber defense technicians to resolve cyber defense incidents. Correlates incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation to any attacks within the networks. The contractor will respond to cyber incidents as necessary and act as a liaison between entities within as well as internal and external stakeholders within the organization.
Job Responsibilities:
+ Collects intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
+ Performs analysis of log files from a variety of sources to identify possible threats to network security.
+ Performs cyber defense incident triage, to include determining scope, urgency and potential impact, identifies the specific vulnerability, and making recommendations that enables expeditious remediation.
+ Performs cyber defense trend analysis and reporting.
+ Assists in Incident Response processes and in the enhancement of behavioral analytics, including the development of Concept of Operations and Standards Operating Procedures.
+ Develops and maintains models for cyber threat mitigation and improves on threat modeling.
+ Use behavior analytics (UBA) and ensure all infrastructure components meet proper performance standards.
+ Coordinates and provides expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
+ Coordinates incident response functions.
+ Monitors external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
+ Performs cyber defense trend analysis and reporting.
+ Performs initial, forensically sound collection of images and inspects to discern possible mitigation/remediation on enterprise systems.
+ Receives and analyzes network alerts from various sources within the enterprise and determines possible causes of such alerts.
+ Writes and publishes after-action reviews.
+ Writes and publishes cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
+ Writes, assists, and coordinates annual FBI-wide Tabletop Exercise Training Event (TTX) in coordination with OCIO personnel.
+ Assists junior Incident Response Technicians in their tasks.
Basic Hiring Criteria:
+ A minimum of 8+ years of experience is required for this position. In lieu of some experience, industry certifications can be substituted (e.g., ISC2 CISSP, EC-Council Certified Incident Handler (C|IH), EC-Council Certified Network Defender (C|ND), SANS GCIH, SANS GCIP, SANS CFCA, Carnegie Mellon University CSIH).
Benefits offered vary by contract. Depending on your temporary assignment, benefits may include direct deposit, free career counseling services, 401(k), select paid holidays, short-term disability insurance, skills training, employee referral bonus, and affordable medical coverage plan, and DailyPay (in some locations). For a full description of benefits available to you, be sure to talk with your recruiter.
Military connected talent encouraged to apply.
VEVRAA Federal Contractor / Request Priority Protected Veteran Referrals / Equal Opportunity Employer / Veterans / Disabled
To read our Candidate Privacy Information Statement, which explains how we will use your information, please visit Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:
+ The California Fair Chance Act
+ Los Angeles City Fair Chance Ordinance
+ Los Angeles County Fair Chance Ordinance for Employers
+ San Francisco Fair Chance Ordinance
Security Operations Center Incident Responder, VP
Posted 2 days ago
Job Viewed
Job Description
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together.
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together. As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our **Enterprise Operations & Technology** teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience. Our operations teams manage risk, resources, and program management. We focus on enterprise resiliency and business continuity. We develop, coordinate, and execute strategic operational plans. Essentially, Enterprise Operations & Technology re-engineers client and partner processes to deliver excellence through secure, reliable, and controlled services.
Trust is part of our DNA at Citi. As such, we take safeguarding our customer data very seriously. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi's and our clients' assets and information. We manage information security as an end-to-end program - one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.
We are seeking a **Security Operations Center Incident Responder.** Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect.
Our commitment to diversity includes a workforce that represents the clients we serve globally from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together.
**Required Qualifications:**
+ Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
+ 5+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability.
+ 2+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components.
**Experience in Cloud Forensics/IR**
+ Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services
+ Prior experience with cloud common services
+ Hands-on experience with forensic investigations or large scale incident response in cloud environments.
+ Hands-on experience with containerization methods and tools (e.g. Docker, Kubernetes) including incident response and digital forensics.
+ Certifications (e.g. GIAC, AWS, etc) in cloud or demonstrated equivalent capability.
**Experience in Incident Response**
+ Hands-on experience with analyzing and pivoting through large data sets
+ Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.).
+ Activities include but not limited to:
+ Memory collection and analysis from various platforms
+ Evidence preservation, following industry best practices.
+ Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking)
+ In-depth File system knowledge and analysis.
+ In-depth experience with timeline analysis.
+ In-depth experience with Registry, event, and other log file and artifact analysis.
+ Hands-on experience with a DFIR toolset and related scripting
+ Current expertise with an EDR system
+ One or more GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications.
**Experience in the following operating systems:**
+ Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge.
**Experience in Basic Scripting and Automation**
+ Proficient in basic scripting and automation of tasks (e.g. C/C++, Powershell, JavaScript, Python, bash, etc.).
**SOC Incident Responder (VP)**
Citi's Security Operations Center (SOC) Incident Response Team seeks a highly skilled and experienced incident response practitioner to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of security specialists and incident responders to react urgently to security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture.
As an individual contributor, you will be a hands-on first responder who triages and investigates cybersecurity incidents in cloud, traditional (i.e. on-premises), and hybrid environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. One guarantee is that no two days will be the same.
**Responsibilities**
+ Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and hybrid environments.
+ Perform incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).
+ Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models.
+ Work with application and infrastructure stakeholders to identify key components and information sources such as environments (on-premises versus cloud), servers, workstations, middleware, applications, databases, logs, etc.
+ Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.
+ Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents.
+ Document and present investigative findings for high profile events and other incidents of interest.
+ Participate in readiness exercises such as purple team, table tops, etc.
+ Train junior colleagues on relevant best practices.
**Network Concepts and Understanding**
+ Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.
**Other**
+ Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
+ Working knowledge of virtualization products (e.g. VMware Workstation)
+ Must have flexibility to work outside of normal business hours when necessary.
+ Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria may be considered for the role provided they demonstrate sufficient skill and experience.
---
**Job Family Group:**
Technology
---
**Job Family:**
Information Security
---
**Time Type:**
Full time
---
**Primary Location:**
Irving Texas United States
---
**Primary Location Full Time Salary Range:**
$125,760.00 - $188,640.00
In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
---
**Most Relevant Skills**
Please see the requirements listed above.
---
**Other Relevant Skills**
For complementary skills, please see above and/or contact the recruiter.
---
**Anticipated Posting Close Date:**
Oct 13, 2025
---
_Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law._
_If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi ( ._
_View Citi's EEO Policy Statement ( and the Know Your Rights ( poster._
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
IBM CSIRT Incident Responder
Posted 16 days ago
Job Viewed
Job Description
The Office of the Chief Information Security Officer (CISO) is entrusted with the critical mission of safeguarding IBM's global infrastructure-as well as the systems and data of the clients we support worldwide. This responsibility spans the full spectrum of cybersecurity, with specialized teams dedicated to:
* Vulnerability Management
* Threat Detection & Intelligence
* Security Operations
* Product & Application Security
* Mail Security
* System Inventory & Asset Management
* Endpoint Detection & Response (EDR)
* Computer Security Incident Response (CSIRT)
At the heart of this ecosystem, CSIRT plays a pivotal role in managing IBM's internal global incident response process. This team leads the investigation and resolution of cybersecurity and data privacy incidents across IBM, ensuring swift containment, thorough analysis, and resilient recovery. CSIRT operates in close coordination with other security functions to protect IBM's digital assets and uphold trust with our clients.
**Your role and responsibilities**
IBM's Computer Security Incident Response Team (CSIRT) is seeking a seasoned Incident Responder with a strong background in cybersecurity operations and end to end incident management. This role is pivotal in leading the tactical response to cyber and data incidents, working in close partnership with analysts and other cybersecurity professionals to protect IBM and its clients.
As an Incident Responder, you will be responsible for:
* Initiating and leading incident response efforts, including triage, containment, mitigation, and resolution.
* Coordinating across teams such as SOC, Threat Detection, and Forensics to ensure timely and effective incident handling.
* Making rapid decisions under pressure to minimize impact and restore operations.
* Documenting and communicating incident findings, actions taken, and recommendations for future prevention.
* Understanding attacker tactics, techniques, and procedures (TTPs) to anticipate and counter threats effectively.
The ideal candidate will bring:
* Proven experience in incident response and containment strategies.
* Familiarity with security technologies, hosting environments, and modern threat landscapes.
* Strong technical, organizational, and communication skills to lead cross-functional efforts.
* A proactive mindset and ability to operate in high-stakes environments.
**Required technical and professional expertise**
* Minimum of 3 years of experience in cybersecurity incident response within a global enterprise environment.
* Working knowledge of major operating systems (Windows, macOS, Linux) to support incident investigation and containment activities.
* Familiarity with cyber threat actor behaviors, including common tactics, techniques, and procedures (TTPs).
* Experience using endpoint and network security tools (e.g., CrowdStrike, Microsoft Defender for Endpoint) to support incident detection and response.
* Basic understanding of enterprise network infrastructure and security controls, such as firewalls, proxies, IDS/IPS, and endpoint protection platforms.
* Ability to assess and correlate security events to identify potential threats and guide response actions.
* Strong communication skills, with the ability to document incidents clearly and present findings to technical and business stakeholders.
* Proven ability to work independently and collaboratively, especially under pressure during active incidents.
* Organized and detail-oriented, with a focus on timely execution and follow-through during incident handling.
**Preferred technical and professional experience**
Demonstrated computer forensic investigations experience
Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc
Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE)
Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure
Ability to successfully lead and facilitate information gathering meetings
Experience managing small and large scale cyber security incidents
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
M365 Incident Responder, VP
Posted 16 days ago
Job Viewed
Job Description
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together.
Citi's Security Operations Center (SOC) Cloud Incident Response Team seeks a highly skilled and experienced M365 Incident Response practitioner to support critical efforts aimed at protecting Citi public cloud infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the Cloud Incident Response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of cloud security specialists and incident responders to react urgently to security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. One guarantee is that no two days will be the same.
**Responsibilities**
+ Act as a subject matter expert on incident response for Entra ID and M365 set of services
+ Collaborate across teams to develop capabilities that support incident response and forensic analysis of M365 incidents
+ Designing, implementing, and participating in the incident response processes specific to Entra ID and M365 deployments
+ Develop, document and maintain operationally effective playbooks to deal with cloud basedincidents
+ Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents
+ Document and present investigative findings for high profile events and other incidents of interest
+ Participate in readiness exercises such as purple team, table tops, etc.
+ Train junior colleagues on relevant best practices
+ Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
+ Provide Information Security advice and counsel as needed
+ Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
**Qualifications:**
+ Consistently demonstrates clear and concise written and verbal communication
+ Proven influencing and relationship management skills
+ Strong understanding of security incident response processes, excellent technical documentation skills and proven analytical skills
+ Knowledge of the tools and processes to provide operational security support to the Microsoft 365 (M365) ecosystem
+ Advanced proficiency with Microsoft 365 services and their security configurations
+ Hands-on experience with M365 including configuration, analysis and pivoting through large data sets and security best practices
+ Experience with Identity and Access Management and M365 services - OneDrive, Teams, SharePoint, Exchange Online, etc.
+ Proficient with Azure/M365 tenant capabilities and roles that support incident response/forensic analysis
+ Experience with various log aggregation/data analytics tools, such as Splunk, Elasticsearch, etc.
+ Industry-accredited certifications will be required. Candidates with M365 security certifications (ex: M365 Information Protection Administrator Associate, M365 Security Operations Analyst/Associate, M365 Certified Security Administrator Associate, etc.) and other cloud security certifications (for example: AWS, GCP, Azure, etc.) will be preferred. Candidates without certification must be willing to pursue them during the course of employment.
Education:
+ Bachelor's degree/University degree or equivalent experience with 5+ years of relevant M365/Azure experience.
+ Master's degree preferred.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
---
**Job Family Group:**
Technology
---
**Job Family:**
Information Security
---
**Time Type:**
Full time
---
**Primary Location:**
Irving Texas United States
---
**Primary Location Full Time Salary Range:**
$125,760.00 - $188,640.00
In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
---
**Most Relevant Skills**
Please see the requirements listed above.
---
**Other Relevant Skills**
For complementary skills, please see above and/or contact the recruiter.
---
**Anticipated Posting Close Date:**
Dec 31, 2025
---
_Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law._
_If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi ( ._
_View Citi's EEO Policy Statement ( and the Know Your Rights ( poster._
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Data Protection Incident Responder - USDS
Posted 10 days ago
Job Viewed
Job Description
Responsibilities
Team Intro The US Security and Privacy Operations - Data Protection Incident Responder will report to the USDS Resiliency Operations Center Lead. This position is responsible for managing incidents that are escalated from business units to investigate, coordinate cross-functional triage and mitigation activities, remediation coordination and tracking, reporting and communication, and escalate to the Enterprise Incident Response Lead if the incident reaches a crisis threshold. In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time. Responsibilities - Ensure incident response processes are executed to support incident remediation activities, communications, and connection to crisis management if necessary. - Communicate incident response concepts and protocols in a digestible manner to non-technical audiences. - Supports tracking/maintenance/advancement/executiton of USDS Incident Response projects. - Active participation in incident response activities and escalation to crisis as needed. - Know incident response plans and procedures, including identification, remediation, containment, and eradication procedures. - Know Crisis Management Plans and procedures, thresholds, and execute activation procedures. - Synthesize technical details of critical incidents to executive management and provide immediate containment and eradication recommendations.
Qualifications
Minimum Qualifications - Bachelors' Degree or industry equivalent work experience in CyberSecurity, emergency management, or crisis management with a focus on security analytics and incident response along with 3+ years experience in incident management operations, crisis management planning, and/or exercises as well as identifying and responding to threats and threat actors. - Excellent communication (verbal and written)& collaboration skills, and ability to influence without authority. - Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams along with demonstrated time management, problem-solving, effort prioritization, and interpersonal skills. - Work well under pressure and within constraints to solve problems and meet objectives with Strong analytical/problem-solving skills and cross-functional expertise across multiple IT operational and security disciplines. - Experience in emergency operations, planning, and/or exercises, including program design and implementation. - Strong project management skills and thought leadership. - Coordinating high-profile, complex incident situations. Preferred Qualifications: - Social media, entertainment, startup, and/or tech industry experience
Job Information
(For Pay Transparency)Compensation Description (Annually)
The base salary range for this position in the selected city is $93860 - $ annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
For Los Angeles County (unincorporated) Candidates:
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:
1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;
2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and
3. Exercising sound judgment.
About USDS
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security ("USDS") is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.
Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening.
Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect - and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us.
Diversity & Inclusion
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
USDS Reasonable Accommodation
USDS is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at
Junior Cyber Defense Incident Responder
Posted 13 days ago
Job Viewed
Job Description
At Maximus, we're proud to be celebrating our 50th year in business, with strong financial performance - including $1.4B in revenue this quarter and 15% growth in our Federal services group. We've also been recognized as a Washington Post Top Workplace and a VETS Indexes 5 Star Employer in 2024.
Maximus is seeking a Junior Cyber Defense Incident Responder for an onsite position in Washington, DC (near Union Station).
Becoming part of Maximus means joining a team that offers:
* A generous annual allowance for education or professional certification
* Free access to robust certification and training programs to help you grow your career
* Strong career path with support for internal mobility
* A collaborative, respectful work environment with supportive leadership
* Comprehensive benefits, including medical/dental/vision, paid time off, and more
Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS058, T4, Band 7
Job-Specific Essential Duties and Responsibilities:
- Respond to cyber incidents, including handling SOC IR phone calls and emails from clients and customer points of contact.
- Support detection and incident handling & response, of cyber threats affecting internal and external client networks.
- Maintain knowledge of current vulnerabilities, response, and mitigation strategies used in the cybersecurity operation center.
- Analyze and report cyber threats, assisting in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions.
- Follow Federal IRP, SOC SOPs, and other documentation procedures to work effectively while focusing on process improvement.
- Possess knowledge of multiple technologies and system types.
- Articulate the incident response lifecycle clearly.
Job-Specific Minimum Requirements:
- Bachelor's degree with 1+ years of experience in cyber defense incident handling (or equivalent experience).
- 1+ years of SOC experience with direct experience in incident handling and response activities.
- Knowledge of security tools and the security stack.
- Hands-on experience with Splunk SIEM, including at least one year as a cybersecurity or security operations analyst.
- Basic understanding of network protocols and packet analysis tools.
- Certification: Security+ or equivalent. Splunk Fundamentals I & II preferred.
- Clearance: Ability to obtain and maintain a Public Trust clearance
#techjobs #clearance #C0reJobs
Minimum Requirements
TCS058, T4, Band 7
EEO Statement
Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics.
Pay Transparency
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.
Accommodations
Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at .
Junior Cyber Defense Incident Responder (2)
Posted 8 days ago
Job Viewed
Job Description
At Maximus, we're proud to be celebrating our 50th year in business, with strong financial performance - including $1.4B in revenue this quarter and 15% growth in our Federal services group. We've also been recognized as a Washington Post Top Workplace and a VETS Indexes 5 Star Employer in 2024.
Maximus is seeking a Junior Cyber Defense Incident Responder for an onsite position in Washington, DC (near Union Station).
Becoming part of Maximus means joining a team that offers:
* A generous annual allowance for education or professional certification
* Free access to robust certification and training programs to help you grow your career
* Strong career path with support for internal mobility
* A collaborative, respectful work environment with supportive leadership
* Comprehensive benefits, including medical/dental/vision, paid time off, and more
Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS055, T1, Band 4
Job-Specific Essential Duties and Responsibilities:
- Respond to cyber incidents, including handling SOC IR phone calls and emails from clients and customer points of contact.
- Support detection and incident handling & response, of cyber threats affecting internal and external client networks.
- Maintain knowledge of current vulnerabilities, response, and mitigation strategies used in the cybersecurity operation center.
- Analyze and report cyber threats, assisting in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions.
- Follow Federal IRP, SOC SOPs, and other documentation procedures to work effectively while focusing on process improvement.
- Possess knowledge of multiple technologies and system types.
- Articulate the incident response lifecycle clearly.
Job-Specific Minimum Requirements:
- Bachelor's degree with 1-3 years of experience in cyber defense incident handling (or equivalent experience).
- 1-3 years of SOC experience with direct experience in incident handling and response activities.
- Knowledge of security tools and the security stack.
- Hands-on experience with Splunk SIEM, including at least one year as a cybersecurity or security operations analyst.
- Basic understanding of network protocols and packet analysis tools.
- Certification: Security+ or equivalent. Splunk Fundamentals I & II preferred.
- Clearance: Ability to obtain and maintain a Public Trust clearance
#techjobs #clearance #C0reJobs
Minimum Requirements
TCS055, T1, Band 4
EEO Statement
Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics.
Pay Transparency
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.
Accommodations
Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at .
Be The First To Know
About the latest Incident responder Jobs in United States !
Critical Incident Responder, Licensed Mental Health Professional
Posted 19 days ago
Job Viewed
Job Description
Job Type
Contract
Description
Are you looking for a unique way to support your community and local businesses?
R3 Continuum is searching for diverse and compassionate behavioral health professionals like you to expand our network in Corpus Christie and surrounding areas in Texas. You would be providing on-site crisis support to organizations and employees recently affected by a disruptive workplace event.
Advantages of being an Independent Consultant for R3C include:
- Comprehensive crisis response trainings
- Flexible schedule, work on case-by-case basis
- Personalized support
- Simple electronic reporting via our mobile app
- Supplemental income
R3c.com
Requirements
Required Qualifications:
- Independently licensed in the state of Texas (LPC-I, LMFTA, LMSW-AP, LMSW-IPR or Psychologist)
- Minimum of a master's degree in mental health
- Malpractice insurance coverage of $1,000,000/$,000,00
- Willing to complete R3C's DEM crisis response training or proof of approved CIR training.
Salary Description
80.00 - 100.00
Associate Customer Incident Responder, AWS Customer Incident Response Team (CIRT)
Posted 3 days ago
Job Viewed
Job Description
AWS Global Services includes experts from across AWS who help our customers design, build, operate, and secure their cloud environments. Customers innovate with AWS Professional Services, upskill with AWS Training and Certification, optimize with AWS Support and Managed Services, and meet objectives with AWS Security Assurance Services. Our expertise and emerging technologies include AWS Partners, AWS Sovereign Cloud, AWS International Product, and the Generative AI Innovation Center. You'll join a diverse team of technical experts in dozens of countries who help customers achieve more with the AWS cloud.
Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing Incident Response activities and helping customers build threat detection and incident response capabilities using highly scalable computing architectures? Are you excited to help customers respond to security incidents and automate security operations giving them unprecedented capability and agility? Do you enjoy working on fast-paced complex projects focused on game changing business outcomes for customers globally? As a member of the Threat Detection and Incident Response Practice in the AWS Global Service Security you will have the opportunity to help customers respond to security incidents and pioneer technically superb security solutions to help customer operate securely in the cloud. Building on those experiences you'll collaborate with AWS service teams on new features, innovate with new technologies, and explore new challenges.
The Global Services Security team, a part of Amazon Web Services (AWS), leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world's workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customers.
The AWS Customer Incident Response Team (CIRT) is a specialized 24/7 global (AWS) team that provides support to customers in responding to active security events on their side of the shared security model. The team is made up of AWS Solutions Architects and Security Engineers who are experienced in incident response.to assist customers with identifying Indicators of Compromise, isolation, containment, log collection and analysis, determining root cause, recovery, and preventative guidance to avoid recurrence.
Key job responsibilities
- Support incident response operations
- Become a technical resource that earns the trust of customer stakeholders before, during, and after a security event.
- Contribute as part of a team to build and deploy threat detection and incident response capabilities.
- Collaborate to design, build, and deploy solutions to automate security operations and incident response on AWS.
- Develop high-quality content, such as reference architectures, white papers, and blog posts to help AWS customers secure their workloads.
- Innovate on behalf of customers by translating your thoughts into action-driven results.
- Mentor and invest in our team, partners and customers to raise the bar for our customers.
- Periodic on-call required.
About the team
Diverse Experiences
Amazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why AWS
Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating - that's why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve in the cloud.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship and Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Experience with coding/scripting in one or more languages (e.g., Python, C, C++, Java, Ruby, or PowerShell)
- Knowledge of networks, protocols, cloud and security fundamentals .
- 2+ years of hands-on technical experience in threat detection, log collection and analysis, incident response, and/or security operations.
Preferred Qualifications
- Experience with any combination of core security functions such as threat modeling, secure software development, data classification, identity management and authentication, cryptography, system administration, network security, and forensics.
- Hands-on technical experience in building scripts, tools, or methodologies that enhance customers' threat detection and incident response capabilities.
- Experience with developing and training AI models.
- Can communicate complex technical matters clearly and concisely orally and in writing.
- Ability to manage customers expectations during security events, and deliver results.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $125,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.
Associate Customer Incident Responder, AWS Customer Incident Response Team (CIRT)
Posted 3 days ago
Job Viewed
Job Description
AWS Global Services includes experts from across AWS who help our customers design, build, operate, and secure their cloud environments. Customers innovate with AWS Professional Services, upskill with AWS Training and Certification, optimize with AWS Support and Managed Services, and meet objectives with AWS Security Assurance Services. Our expertise and emerging technologies include AWS Partners, AWS Sovereign Cloud, AWS International Product, and the Generative AI Innovation Center. You'll join a diverse team of technical experts in dozens of countries who help customers achieve more with the AWS cloud.
Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing Incident Response activities and helping customers build threat detection and incident response capabilities using highly scalable computing architectures? Are you excited to help customers respond to security incidents and automate security operations giving them unprecedented capability and agility? Do you enjoy working on fast-paced complex projects focused on game changing business outcomes for customers globally? As a member of the Threat Detection and Incident Response Practice in the AWS Global Service Security you will have the opportunity to help customers respond to security incidents and pioneer technically superb security solutions to help customer operate securely in the cloud. Building on those experiences you'll collaborate with AWS service teams on new features, innovate with new technologies, and explore new challenges.
The Global Services Security team, a part of Amazon Web Services (AWS), leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world's workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customers.
The AWS Customer Incident Response Team (CIRT) is a specialized 24/7 global (AWS) team that provides support to customers in responding to active security events on their side of the shared security model. The team is made up of AWS Solutions Architects and Security Engineers who are experienced in incident response.to assist customers with identifying Indicators of Compromise, isolation, containment, log collection and analysis, determining root cause, recovery, and preventative guidance to avoid recurrence.
Key job responsibilities
- Support incident response operations
- Become a technical resource that earns the trust of customer stakeholders before, during, and after a security event.
- Contribute as part of a team to build and deploy threat detection and incident response capabilities.
- Collaborate to design, build, and deploy solutions to automate security operations and incident response on AWS.
- Develop high-quality content, such as reference architectures, white papers, and blog posts to help AWS customers secure their workloads.
- Innovate on behalf of customers by translating your thoughts into action-driven results.
- Mentor and invest in our team, partners and customers to raise the bar for our customers.
- Periodic on-call required.
About the team
Diverse Experiences
Amazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why AWS
Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating - that's why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve in the cloud.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship and Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Experience with coding/scripting in one or more languages (e.g., Python, C, C++, Java, Ruby, or PowerShell)
- Knowledge of networks, protocols, cloud and security fundamentals .
- 2+ years of hands-on technical experience in threat detection, log collection and analysis, incident response, and/or security operations.
Preferred Qualifications
- Experience with any combination of core security functions such as threat modeling, secure software development, data classification, identity management and authentication, cryptography, system administration, network security, and forensics.
- Hands-on technical experience in building scripts, tools, or methodologies that enhance customers' threat detection and incident response capabilities.
- Experience with developing and training AI models.
- Can communicate complex technical matters clearly and concisely orally and in writing.
- Ability to manage customers expectations during security events, and deliver results.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $125,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.