Incident Response Engineer

3 490.71 - 4 833.29 USD Gross per month - Permanent
Security

Czerwone Maki 82, Kraków

Motorola Solutions

Part-time
Permanent
Mid
Hybrid

Job description

Motorola Solutions is seeking a battle-tested Incident Response Engineer to join our world-class security program. You will lead investigations for high-impact events and act as a proactive hunter tasked with reducing attacker dwell time. In addition, you will lead projects to create new security capabilities and improve our existing ones.

Core Focus: Incident Leadership & Response

  • Lead High-Impact Incidents: Act as the primary Incident Response Lead (IRL) for complex security events, directing containment, eradication, and recovery.

  • Advanced Digital Forensics: Perform deep-dive analysis (host, memory, network) to determine breach scope and impact.

  • Root Cause & Remediation: Execute thorough Root Cause Analysis (RCA) and lead After-Action Reviews (AAR) to ensure every incident results in a permanent security improvement.

  • Containment Strategy: Develop and deploy immediate strategies to isolate threats and minimize organizational damage.

Detection, Analysis & Hunting

  • Proactive Threat Hunting: Design and execute hunt missions to identify undetected malicious activity.

  • Detection Engineering: Tune SIEM/EDR rules and develop high-fidelity detections based on Purple Team findings and emerging threat intel.

  • Malware Analysis: Conduct static and dynamic analysis to understand adversary TTPs and extract actionable IOCs.

  • SOC Escalation: Serve as the final technical authority for high-priority security anomalies.

Strategy & Process Improvement

  • Playbook Development: Create and refine IR plans, runbooks, and SOPs to automate repetitive tasks and increase efficiency.

  • Security Architecture: Evaluate and tune security tools (SOAR, EDR, SIEM) to enhance global posture.

  • Mentorship: Coach junior staff on advanced forensic techniques and investigative logic.

Basic Requirements

  • 2+ years of experience in a similar position

  • Proven track record leading high-severity investigations and mentoring junior analysts through complex response efforts.

  • Advanced experience using SIEM (Palo Alto XSIAM, Google SecOps, Splunk SIEM) and SOAR (Palo Alto XSOAR, XSIAM) tools to detect, investigate, and automate threats.

  • Deep familiarity with MITRE ATT&CK and the Cyber Kill Chain to identify and pivot on attack TTPs across Windows, Linux, and macOS.

  • Ability to build tools and automate workflows using Python, PowerShell, or Bash.

  • Skilled at distilling complex technical data into succinct reports and able to support high-pressure incidents.

  • Willing to work during non-standard hours and be part of an on-call rotation schedule.

Tech stack

  • English: B2

  • SIEM: advanced

  • SOAR: advanced

  • MITRE ATT&CK: advanced

  • Cyber Kill Chain: advanced

  • Incident Response: advanced
