JOBSEARCHER

Incident Response Engineer (CrowdStrike & Automation)

phaxis | New York, NY | May 11th, 2026
Salary is 140k to 160k + bonus

We are seeking an Incident Response Engineer to join our cybersecurity operations team, with a focus on threat detection, incident response, and endpoint security automation. This role will leverage CrowdStrike and scripting/automation tools to rapidly detect, investigate, and respond to security incidents across the enterprise.

Key Responsibilities

- Monitor, investigate, and respond to security incidents using CrowdStrike Falcon and related security tools
- Perform endpoint threat analysis, triage alerts, and execute containment and remediation actions
- Lead incident response activities including investigation, escalation, and coordination across IT and security teams
- Develop and maintain response playbooks, procedures, and documentation for security incidents
- Automate repetitive security operations tasks using scripting (Python preferred)
- Analyze malware, endpoint behavior, and attack patterns to identify root cause and impact
- Support vulnerability management and threat hunting activities
- Collaborate with infrastructure and operations teams to improve detection and response capabilities
- Participate in post-incident reviews and drive continuous improvement of security processes

Required Skills & Experience

- Hands-on experience with CrowdStrike Falcon (or similar EDR platforms)
- Strong understanding of incident response processes and cybersecurity principles
- Experience performing endpoint investigations and threat analysis
- Scripting experience (Python strongly preferred; PowerShell a plus)
- Familiarity with Windows and/or Linux environments
- Understanding of common attack vectors, malware behavior, and security controls
- Experience working in a security operations or incident response team

Preferred Skills

- Experience with SOAR tools or security automation frameworks
- Familiarity with log analysis, SIEM platforms, and threat intelligence tools
- Exposure to cloud environments (AWS, Azure, or GCP)
- Experience building automation to improve SOC efficiency or reduce response time
- Security certifications (e.g., Security+, GCIH, GCFA, or equivalent)

About the Role

This role is part of a security operations function focused on rapid detection and response to cyber threats. You will work closely with IT and security teams to contain incidents, improve visibility across endpoints, and build automation that strengthens the organization's overall security posture using CrowdStrike and modern scripting tools.