
Lead Security Incident Response Engineer

Connection
Schaumburg, IL Full Time
POSTED ON 3/27/2025
AVAILABLE BEFORE 5/4/2025
Overview

What We Do

We calm the confusion of IT by guiding the connection between people and technology. If a customer is looking for a better way to manage their warehouse inventory, equip their workforce, or secure their data, we make it happen. All it takes is finding the right combination of tech hardware, software, cloud solutions, and support services. That’s what we do. We’re the IT Department’s IT Department.

Who We Are

Our team is made stronger by a multitude of backgrounds, experiences, and perspectives. It’s what makes Connection unique—what drives us to innovate and create technology solutions that stand apart from the crowd. We’d love for you to be a part of that fabric, to share your ideas and experiences with a team that thrives on fresh thinking, creativity, and helping others.

Why You Should Join Us

You’ll find supportive teammates and a rewarding career at Connection—plus great benefits. We take pride in supporting employees with a total rewards package that provides financial, emotional, and physical resources for you and your family. Our compensation, 401k plans, medical insurance, and other benefits are progressive and competitive. We value the importance of our employees’ emotional wellbeing. To support employees, we provide free therapy visits, mental health coaching and tools, and meditation resources. You’ll also enjoy a generous paid time off package that includes not only vacation and sick time, but also Wellness and Volunteer Time Off days.

Responsibilities

The Lead Security Incident Response Engineer is responsible for incident response and management, monitoring and alert handling, security operations management, threat intelligence and mitigation, policy and compliance management, as well as training and mentoring junior engineers.

  • Incident Response, Management, and Coordination:
      • Leads investigations of security breaches, attacks, or incidents.
      • Coordinates with internal and external teams to mitigate ongoing attacks.
      • Oversees post-incident review sessions with clients and recommends corrective actions.
      • Develops and executes incident response plans, ensuring appropriate stakeholders are informed and involved.
      • Maintains communication with defined key stakeholders during an active incident.
  • Monitoring and Alert Handling:
      • Works with SOC teams to develop and fine-tune Security Information and Event Management (SIEM) systems for monitoring client networks.
      • Analyzes alerts from firewalls, intrusion detection systems (IDS), and other tools as needed.
      • Prioritizes alerts and determines severity, providing actionable recommendations to security teams.
      • Stays updated on emerging threats, vulnerabilities, and attack techniques in order to integrate them into the team's detection and response strategies.
  • Security Operations Management:
      • Assigns tasks, prioritizes incidents, and leads the team’s response during threat analysis and incident handling.
      • Ensures compliance with operational procedures and service level agreements (SLAs).
      • Collaborates with the SOC (Security Operations Center) to address potential risks and vulnerabilities.
      • Provides guidance and technical direction during active security incidents.
      • Conducts post-incident team meetings to review lessons learned and increase the team's effectiveness.
  • Threat Intelligence and Mitigation:
      • Stays updated on emerging threats, vulnerabilities, and attack vectors.
      • Works with SOC teams to ensure accurate detection and response strategies are in place.
      • Conducts vulnerability assessments and recommends patches or mitigation strategies.
      • Coordinates penetration tests and red team exercises to assess security posture.
  • Policy and Compliance Management:
      • Ensures compliance with relevant standards (e.g., ISO 27001, NIST, GDPR, SOC2, HIPAA).
      • Implements and enforces security policies, procedures, and governance frameworks.
      • Collaborates with audit and compliance teams to prepare reports.
  • Training and Development:
      • Mentors junior engineers and analysts and provides guidance on security best practices.
      • Conducts security awareness training for technical and non-technical staff.
      • Facilitates tabletop exercises and incident response drills for the organization.
  • Collaboration Across Teams:
      • Works closely with IT, DevOps, network, and business teams to align security efforts.
      • Coordinates with third-party vendors and/or regulatory bodies as needed.
      • Acts as a point of contact for escalations regarding


Min: USD $117,692.00/Yr.

Max: USD $153,000.00/Yr.

Qualifications

  • Proficiency in security tools such as SIEMs, firewalls, IDS/IPS, endpoint detection and response (EDR), and vulnerability management tools.
  • Strong leadership and team management skills to coordinate efforts across internal and external security teams.
  • Ability to translate complex technical security findings into business-level reports and communicate with both technical and non-technical stakeholders.
  • Analytical mindset for diagnosing issues and quickly addressing security incidents.
  • Familiarity with frameworks such as NIST, CIS Controls, ISO 27001, and regulatory requirements.
  • Experience working as a mentor of a team.
  • CISSP, CEH, CCSP, SANS GIAC, SANS GCIH, or other vendor-specific security certifications preferred.

Salary: $117,692 - $153,000
