Astound Broadband is seeking a Cyber Security Engineer to enhance their security architecture and respond to cyber threats. The role involves leading security operations, managing incident responses, and improving the organization's security posture.
Responsibilities:
- Lead and oversee 24/7 security operations, including monitoring, detection, triage, and incident response across enterprise environments (endpoint, network, identity, and cloud)
- Own the end-to-end incident response lifecycle - including identification, containment, eradication, recovery, and post-incident analysis, ensuring rapid, consistent, and high-quality execution
- Drive root cause analysis, blast radius determination, and implementation of corrective and preventive actions
- Establish, maintain, and continuously improve incident response playbooks, escalation procedures, and operational runbooks to enhance response effectiveness and reduce dwell time
- Act as the primary escalation point for high-severity or complex security incidents, providing technical leadership, decision-making authority, and real-time guidance during active events
- Lead advanced threat hunting operations using hypothesis-driven methodologies, leveraging EDR/XDR telemetry, SIEM data, network traffic, identity signals, and threat intelligence aligned to MITRE ATT&CK
- Design, develop, and optimize detection engineering capabilities, including SIEM correlation rules, behavioral analytics, and custom detections to improve coverage and reduce false positives
- Drive integration and tuning of security technologies (e.g., CrowdStrike, SIEM, SOAR, vulnerability scanners), ensuring alignment to enterprise risk priorities and operational efficiency
- Define and track key SOC performance metrics (e.g., MTTD, MTTR, alert fidelity, containment time) to measure operational effectiveness and drive continuous improvement
- Lead cross-functional coordination during incidents, partnering with IT, infrastructure, cloud, legal, HR, and executive leadership to ensure effective response and communication
- Translate technical incidents into business impact, delivering clear, concise updates to leadership and facilitating decision-making at the executive level
- Oversee vulnerability management efforts by correlating scan results with asset criticality, exploitability, and threat intelligence to drive risk-based prioritization
- Lead post-incident reviews, tabletop exercises, and continuous improvement initiatives to strengthen organizational resilience and reduce repeat incidents
- Mentor and develop SOC analysts and incident responders, establishing investigation standards, quality controls, and career development pathways
- Ensure proper evidence handling, forensic integrity, and audit-ready documentation aligned with regulatory frameworks (e.g., NIST, CMMC, PCI)
- Identify emerging threats, adversary trends, and attack patterns, and operationalize insights into improved detections, controls, and defensive strategies
- Analyze alerts to determine legitimacy and potential impact
- Identify indicators of compromise (IOCs) and attacker tactics, techniques, and procedures (TTPs)
- Escalate confirmed threats in accordance with established playbooks and procedures
- Perform initial triage and investigation of security incidents
- Other duties as assigned
Requirements:
- 7+ years of Cyber Security experience
- Demonstrated knowledge of actively debugging attacks
- Expertise with Identity & Access, End Point Detection and Multi-Factor Authentication
- Experience with NGFW, IDS/IPS, WAF, Proxy, PKI and Advanced Threat Protection, cloud, automation, and scripting
- Ability to juggle multiple priorities where you are the driving force, ensuring completion and on-time delivery
- Excellent written and verbal communication skills in a clear business relevant manner that is adjusted to the audience; up, down and across the organization
- Proven independent decision making in high stress environment
- Ability to collaborate, mentor and training members of the team
- Demonstrated passion for security and self-driven to one day become an expert
- Proven ability to rapidly learn and retain new technologies
- Excellent interpersonal, customer support, verbal and technical writing skills; be a self-starter with the ability to achieve deadline-driven priorities
- Demonstrated ability to collaborate and work in a team environment, exhibit professional initiative, self-direction, willingness, and ability to document knowledge and share with others is required
- Strong communication skills and creativity as a problem solver is a must
- Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience)