Incident Response Expert (Security sector)


  • Kuyavia-Pomerania

  • offer expired over a month ago
  • B2B contract
  • full-time
  • expert
  • home office work
  • Immediate employment
  • remote recruitment

Technologies we use

Operating system

Your responsibilities

  • Deliver Incident Response containment and remediation engagements for clients;

  • Conduct host-based analysis, forensics, network forensics, log analysis, and malware triage in support of incident response investigations;

  • Utilize technology to conduct large-scale investigations and examine endpoint and network-based sources of evidence;

  • Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations;

  • Build scripts, tools, or methodologies to enhance incident investigation processes;

  • Work with clients' security and IT operations teams to implement remediation plans in response to incidents;

  • Create and document detailed remediation guides and tracking documents, for clients to leverage to prepare for and execute a coordinated remediation event;

  • Design and assist clients with network architecture enhancements and configuration modifications to defend against identified threats and attacker techniques;

  • Recommend and document specific counter-measures and mitigating controls;

  • Articulate the company’s capabilities in marketing discussions, proposal efforts, and capability briefings;

  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences;

  • Effectively communicate remediation strategies and workstreams to client stakeholders including technical staff, executive leadership, and legal counsel;

  • Build playbooks;

  • Plan and exercise Incident Response;

  • Deliver SIEM tuning;

  • Perform a “hot wash” (document lessons learned) and SWOT analysis, and incorporate the results into the Incident Response Plan as part of post-incident activities.

Our requirements

  • 5+ years of information security experience;

  • Prior experience as a lead system administrator or network engineer in an enterprise environment;

  • Technical expertise in Incident Response;

  • Thorough understanding of enterprise security controls in Active Directory / Windows environments;

  • Knowledge of SIEM tools;

  • Understanding of Azure and O365;

  • Experience in working with:

    • Implementation and management of both network and host-based firewall configurations;

    • Implementing logging configurations for network devices and Windows endpoints.

  • Bachelor’s degree in a technical field;

  • Technical expertise in AWS GuardDuty;

  • Unix endpoint experience;

  • Expertise in enforcing application whitelisting and host-based restrictions;

  • Understanding of enterprise networking and knowledge of network segmentation strategies;

  • PowerShell scripting skills.

What we offer

  • A possibility to join a team of security consultants investigating computer crimes and breaches that make the headlines – and many more that don’t;

  • Great opportunity for personal development in a stable and friendly multinational company;

  • Competitive salary;

  • Remote work together with participation in global projects;

  • A possibility of growing your craft alongside like-minded professionals.

More information

Our Client is a US-based cybersecurity company headquartered in New York City whose mission is to support its clients in mitigating cyber threats. They are focused on three main areas: Cyber Breach Response, Cloud Security Services, and Proactive Cyber Services. Their military-grade professionals have decades of experience in cyber operations and apply their knowledge of the attacker perspective to facilitate efficient, effective, and scalable responses to cyber breaches. Their growing team combines operational and technological disciplines with instinctual methods to keep their clients’ information safe.

Location: Remotely from Poland

Salary: 44-60 USD/h + VAT on B2B

Working time: 8 hours per day on-demand / on-call during 15:30–03:30 (Polish time), Sunday to Monday. Rotation is bi-weekly: 7 days of work and 7 days of rest.

Cooperation model: B2B

Start date: ASAP

Recruitment process: 2-3 interviews

Technology stack: SIEM tools, O365/Azure, Active Directory / Windows, network and host-based firewalls