Incident Response Engineer

Akkodis is seeking an Incident Response Engineer for a full-time job with a client in Chicago, IL/Cleveland, OH/Columbus, OH (hybrid).

Pay Salary Range:

Chicago, IL - $112k - $139k/year benefits

Cleveland, OH & Columbus, OH - $103k - $128k/year benefits

(The pay salary may be negotiable based on experience, education, geographic location, and other factors.)

Schedule - Mon - Fri (8 am -5 pm CST/EST, hybrid)

Description

The SOC/Incident Response Engineer is responsible for detecting, investigating, and responding to cybersecurity incidents across the Firm.

This role combines threat detection, digital forensics, malware triage, and cloud security expertise to protect organizational assets, reduce risk, and strengthen security posture.

The SOC/Incident Response Engineer will operate within a 24/7 security operations environment, collaborating with cross-functional teams to analyse threats, develop response strategies, and improve detection capabilities.

Qualifications

The SOC/Incident Response (IR) Engineer should have 3–7 years of experience in a Security Operations Center (SOC), incident response, digital forensics, or a closely related cybersecurity discipline.

A strong technical foundation in networking, operating system internals across Windows, Linux, and macOS, identity systems, and modern cloud architectures is essential.

The role requires hands-on experience with leading security technologies, including SIEM platforms such as Microsoft Sentinel or Splunk, endpoint detection and response (EDR) and antivirus tools like Microsoft Defender for Endpoint or CrowdStrike, and forensic toolsets including Velociraptor, Autopsy, FTK, and KAPE.

Experience utilizing malware analysis sandboxes and static analysis frameworks, as well as cloud security tools such as Azure Defender, AWS GuardDuty, and Google Cloud Security Command Center (SCC), is also required.

Familiarity with scripting and automation languages, particularly Python, PowerShell, and KQL, is highly desirable.

Preferred certifications include GIAC GCIA, GCFA, GCIH, or GNFA; AWS Security Specialty or Google Professional Cloud Security Engineer; and industry-recognized credentials such as CISSP, CEH, or CySA (or their equivalents).

Position Responsibilities

Security Monitoring & Threat Detection

1. Monitors SIEM, EDR, NDR, and cloud-native security tools to identify suspicious activity and potential security incidents.

2. Creates, tunes, and optimizes detection rules, correlation logic, and analytic use cases.

3. Conducts threat hunting based on emerging TTPs, threat intel, and anomaly patterns.

4. Maintains and improves alerting fidelity to reduce false positives and enhance detection precision.

Incident Response & Triage

1. Performs initial triage of security alerts to assess severity, impact, and required response actions.

2. Leads full incident lifecycle activities including investigation, containment, eradication, recovery, and post incident analysis.

3. Coordinates with IT, cloud, and business teams to execute IR playbooks and minimize operational impact.

4. Documents incidents, findings, and lessons learned; contribute to after action reviews.

Digital Forensics & Malware Analysis

1. Conducts forensic acquisition and analysis of endpoints, servers, cloud resources, and network artifacts (disk, memory, logs).

2. Examines artifacts such as registry hives, event logs, file systems, network captures, browser history, and persistence mechanisms.

3. Performs malware triage (dynamic and static) to determine malware behavior, indicators of compromise, and propagation mechanisms.

4. Maintains chain-of-custody processes and ensure forensic data integrity for potential legal or compliance requirements.

Cloud Security & IR

1. Monitors and responds to security events within cloud environments (e.g., Azure, AWS, Google Cloud).

2. Investigates cloud-native logs: Azure Activity Logs, AWS CloudTrail, GCP Audit Logs, identity events, network flows, and storage access.

3. Evaluates cloud security posture, identifying misconfigurations, risky access patterns, and drift.

4. Assists in development of cloud detection logic using native tooling (e.g., Azure Sentinel/Microsoft Defender XDR, AWS GuardDuty, GCP SCC).

Security Tooling & Automation

1. Maintains and enhances SOC tooling, dashboards, and automation workflows (SOAR).

2. Builds automated playbooks to speed up triage, enrichment, and response.

3. Integrates new data sources and improve log ingestion pipelines for SIEM/EDR.

Threat Intelligence & Research

1. Utilizes internal and external threat intelligence to contextualize alerts and strengthen detections.

2. Tracks adversary TTPs based on frameworks such as MITRE ATT&CK.

3. Researches emerging threats, vulnerabilities, and malware families.

Collaboration, Compliance & Reporting

1. Partners with governance, engineering, and IT teams to ensure effective remediation and long-term control improvements.

2. Supports audit, compliance, and regulatory requirements related to incident management.

3. Prepares clear, concise technical and executive-level reports.

Key Competencies

1. Analytical mindset with strong problem-solving skills.

2. Ability to work under pressure during active incidents.

3. Excellent written and verbal communication skills.

4. Strong attention to detail and a commitment to continuous improvement.

If you are interested in this Incident Response Engineer job in Chicago, IL/Cleveland, OH/Columbus, OH then please click APPLY NOW. For other opportunities available at Akkodis go to www.akkodis.com. If you have questions about the position, please contact Vishal Sharma at Vishal.Sharma2@akkodisgroup.com

Equal Opportunity Employer/Veterans/Disabled

Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, an EAP program, commuter benefits, and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable. Disclaimer: These benefit offerings do not apply to client-recruited jobs and jobs that are direct hires to a client.

To read our Candidate Privacy Information Statement, which explains how we will use your information, please visit https://www.akkodis.com/en/privacy-policy.

The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:

· The California Fair Chance Act

· Los Angeles City Fair Chance Ordinance

· Los Angeles County Fair Chance Ordinance for Employers

· San Francisco Fair Chance Ordinance