Fragomen, an AmLaw 100 firm and the leading global immigration services provider, is seeking a Cyber Security Engineer with strong experience in incident response, digital forensics, and threat detection to join our Information Security & Cyber Security team. The successful candidate will play a key role in detecting, investigating, containing, and remediating cyber incidents, while helping to strengthen Fragomen’s overall security posture.
Responsibilities:
- Lead and support end-to-end incident response activities, including detection, analysis, containment, eradication, and recovery
- Monitor, investigate, and correlate security alerts using SIEM, EDR, and forensic tools
- Perform digital forensic investigations across endpoints, servers, cloud, and network environments
- Triage and escalate security events in accordance with established incident response procedures
- Develop, maintain, and continuously improve incident response playbooks, SOPs, and workflows
- Improve alert quality and response effectiveness through root cause analysis and post-incident reviews
- Partner with IT, Legal, Compliance, Privacy, and Risk teams during security incidents
- Support regulatory, legal, and client-driven incident response and reporting requirements
- Participate in and facilitate incident response tabletop exercises and simulations
- Contribute to the design and enhancement of detection, logging, and monitoring capabilities
- Provide technical guidance and mentorship to junior analysts and security team members
Requirements:
- 1+ years of experience in cybersecurity, incident response, or security operations
- Hands-on experience responding to security incidents in enterprise environments
- Strong ability to analyze security events and perform technical investigations
- Working knowledge of:
  - TCP/IP, DNS, HTTP/S, VPNs, firewalls, and proxy technologies
  - Windows and Linux operating systems
  - Identity and access systems and authentication mechanisms
- Experience using SIEM and security platforms such as Splunk, Microsoft Sentinel, QRadar, ArcSight, ELK, or similar
- Ability to identify and respond to:
  - Phishing and business email compromise
  - Malware and ransomware
  - Credential compromise
  - Lateral movement and persistence mechanisms
  - Brute-force and privilege escalation attacks
- Strong written and verbal communication skills, especially during high-pressure incidents
- Demonstrated ability to follow structured processes while continuously improving them
- Experience with EDR, SOAR, and forensic tooling (e.g., CrowdStrike, Defender, Carbon Black, EnCase, Velociraptor)
- Experience supporting investigations involving legal, compliance, or regulatory stakeholders
- Knowledge of MITRE ATT&CK and modern adversary tactics
- Experience with cloud and SaaS incident response (Azure, M365, AWS, etc.)
- Relevant certifications, including:
  - GIAC (GCIH, GCFA, GCIA)
  - Offensive Security (OSCP, OSCE, OSEE)
  - Vendor certifications (Splunk, Sentinel, CrowdStrike, etc.)