Back to Open Positions
Incident Responder
Security Operations Remote (US) / Catonsville, MD Full-Time $100K–$145K DOE
About the Role
SOClogix is seeking an experienced Incident Responder to lead and execute cybersecurity incident investigations for our managed security clients. You'll be the frontline defender when a breach occurs - conducting triage, containment, eradication, and recovery operations while coordinating with client IT teams and, when necessary, law enforcement. This is a high-impact role that requires composure under pressure, deep technical skills, and the ability to communicate clearly with both technical staff and executive stakeholders.
What You'll Do
- Lead incident response engagements from initial triage through full remediation and post-incident review
- Perform digital forensic analysis across endpoints, servers, cloud environments, and network infrastructure
- Conduct malware analysis, memory forensics, and log analysis to determine scope, root cause, and impact
- Contain active threats including ransomware, business email compromise, data exfiltration, and insider threats
- Develop and deliver incident reports with timelines, technical findings, executive summaries, and remediation recommendations
- Coordinate with client IT teams, legal counsel, insurance carriers, and law enforcement as needed
- Build and maintain incident response playbooks, runbooks, and escalation procedures
- Conduct post-incident lessons learned and help clients strengthen their security posture
- Participate in on-call rotation for emergency incident response (24/7 coverage)
Requirements
- 3+ years of experience in incident response, digital forensics, or security operations
- Hands-on experience with forensic tools: Velociraptor, KAPE, FTK, Autopsy, X-Ways, or similar
- Strong knowledge of Windows and Linux forensic artifacts (event logs, registry, prefetch, $MFT, syslog)
- Experience investigating ransomware incidents, BEC, lateral movement, and data exfiltration
- Proficiency with SIEM platforms (OpenSearch, Splunk, Sentinel, or similar) and EDR tools (LimaCharlie, CrowdStrike, SentinelOne)
- Understanding of MITRE ATT&CK framework and how to apply it to real-world investigations
- Strong written and verbal communication skills - ability to brief executives and write professional reports
- At least one relevant certification: GCIH, GCFA, GCFE, GREM, EnCE, or equivalent
Nice to Have
- GCFA, GNFA, or GREM certification
- Experience with cloud incident response (Azure AD, M365, AWS CloudTrail)
- Malware reverse engineering skills
- Experience working with cyber insurance carriers and breach coaches
- Scripting skills (Python, PowerShell) for automation and custom tooling
- Previous MSSP or consulting IR experience
Benefits
- Competitive salary based on experience
- Health, dental, and vision insurance
- 401(k) with company match
- Unlimited PTO
- Annual certification and training budget
- Remote-first culture with flexible scheduling
- Paid on-call compensation
- Access to forensic lab and investigation tools
Apply for This Role
Fill out the form below and we'll be in touch.