Skip to main content
Back to Open Positions

Incident Responder

Security Operations Remote (US) / Catonsville, MD Full-Time $100K–$145K DOE

About the Role

SOClogix is seeking an experienced Incident Responder to lead and execute cybersecurity incident investigations for our managed security clients. You'll be the frontline defender when a breach occurs - conducting triage, containment, eradication, and recovery operations while coordinating with client IT teams and, when necessary, law enforcement. This is a high-impact role that requires composure under pressure, deep technical skills, and the ability to communicate clearly with both technical staff and executive stakeholders.

What You'll Do

  • Lead incident response engagements from initial triage through full remediation and post-incident review
  • Perform digital forensic analysis across endpoints, servers, cloud environments, and network infrastructure
  • Conduct malware analysis, memory forensics, and log analysis to determine scope, root cause, and impact
  • Contain active threats including ransomware, business email compromise, data exfiltration, and insider threats
  • Develop and deliver incident reports with timelines, technical findings, executive summaries, and remediation recommendations
  • Coordinate with client IT teams, legal counsel, insurance carriers, and law enforcement as needed
  • Build and maintain incident response playbooks, runbooks, and escalation procedures
  • Conduct post-incident lessons learned and help clients strengthen their security posture
  • Participate in on-call rotation for emergency incident response (24/7 coverage)

Requirements

  • 3+ years of experience in incident response, digital forensics, or security operations
  • Hands-on experience with forensic tools: Velociraptor, KAPE, FTK, Autopsy, X-Ways, or similar
  • Strong knowledge of Windows and Linux forensic artifacts (event logs, registry, prefetch, $MFT, syslog)
  • Experience investigating ransomware incidents, BEC, lateral movement, and data exfiltration
  • Proficiency with SIEM platforms (OpenSearch, Splunk, Sentinel, or similar) and EDR tools (LimaCharlie, CrowdStrike, SentinelOne)
  • Understanding of MITRE ATT&CK framework and how to apply it to real-world investigations
  • Strong written and verbal communication skills - ability to brief executives and write professional reports
  • At least one relevant certification: GCIH, GCFA, GCFE, GREM, EnCE, or equivalent

Nice to Have

  • GCFA, GNFA, or GREM certification
  • Experience with cloud incident response (Azure AD, M365, AWS CloudTrail)
  • Malware reverse engineering skills
  • Experience working with cyber insurance carriers and breach coaches
  • Scripting skills (Python, PowerShell) for automation and custom tooling
  • Previous MSSP or consulting IR experience

Benefits

  • Competitive salary based on experience
  • Health, dental, and vision insurance
  • 401(k) with company match
  • Unlimited PTO
  • Annual certification and training budget
  • Remote-first culture with flexible scheduling
  • Paid on-call compensation
  • Access to forensic lab and investigation tools

Apply for This Role

Fill out the form below and we'll be in touch.

0/256