Jobs · Information Technology · North Carolina

Consulting/Principal Security Engineer

LexisNexis · Raleigh, NC · 1 mo ago
Information Technology$105k–$175k/yrFull-time

Job Description

  • Provide strategic and tactical incident response leadership, providing management with insight and input into overall security operations decisions based on advances in technology and the evolving threat landscape.
  • Serve as the senior incident commander and technical lead for high-severity incidents; drive structured triage, containment, eradication, and recovery across the enterprise.
  • Lead and coordinate incident response efforts for high-severity events spanning hybrid and multi-cloud environments (on-prem, AWS, Azure, GCP), ensuring effective containment, eradication, and recovery.
  • Own and continuously improve the incident response program: playbooks/runbooks, severity definitions, escalation paths, on-call expectations, evidence handling standards, and crisis communications patterns.
  • Plan, run, and mature readiness activities including tabletop exercises and cyber range events; define objectives, measure outcomes, and ensure follow-through on remediation actions.
  • Own after-action governance: facilitate post-incident reviews, establish root cause and contributing-factor analysis, drive corrective action plans, and track closure to completion (closed-loop improvement).
  • Lead analysis and review of security events for anomalous activity; collaborate with peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
  • Drive improvements to detection, investigation, and response processes through lessons learned, measurable corrective actions, and operational performance metrics.
  • Drive the design, implementation, and continuous improvement of detection engineering and monitoring capabilities within AWS environments.
  • Partner with infrastructure, cloud, endpoint, identity, and application teams to ensure response-ready logging, telemetry, and access to required investigative data sources.
  • Provide guidance for threat-informed mitigation and hardening activities resulting from incidents (e.g., containment controls, identity protections, logging improvements, segmentation, credential hygiene).
  • Communicate incident status, impact, and risk in executive-ready written and verbal updates; produce high-quality incident summaries and post-incident reports.
  • Support compliance and governance efforts by operationalizing response procedures, documenting evidence, and ensuring repeatable execution aligned to policy and regulatory expectations.
  • Assess and measure incident response program effectiveness to ensure closed-loop operations (e.g., readiness/exercise cadence, time-to-contain, repeat incident reduction, detection coverage and quality).

Qualifications

  • 10+ years of IT security experience, including significant incident response leadership in enterprise environments.
  • BS Engineering/Computer Science or equivalent experience required; advanced degree preferred.
  • Preferred: incident handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent) and cloud security certification(s) (AWS/Azure/GCP).

Technical Skills

  • Advanced knowledge of modern security operations environments, including hybrid enterprise architectures and common attack paths.
  • Demonstrated experience leading incident response activities across complex hybrid environments, including on-premises infrastructure and multi-cloud platforms (AWS, Azure, GCP).
  • Strong hands-on experience engineering detections, telemetry, and monitoring solutions within AWS (e.g., CloudTrail, GuardDuty, VPC Flow Logs, and related services).
  • Expertise in incident command practices: severity assessment, stakeholder coordination, containment strategies, evidence handling, eradication and recovery planning, and post-incident review.
  • Strong ability to monitor, triage, and investigate security events; apply structured analysis for anomalous activity and adversary behaviors.
  • Experience with enterprise logging and telemetry pipelines, log onboarding strategies, and data quality expectations (coverage, fidelity, retention).
  • Experience improving detection quality and signal-to-noise (e.g., tuning, suppression, enrichment, validation, and feedback loops).
  • Familiarity with automation/SOAR concepts and scripting for investigation and response workflows (e.g., Python/PowerShell or equivalent).
  • Ability to develop and implement incident response programs with measurable outcomes (response readiness, containment speed, detection coverage, exercise cadence).
  • Strong organization/project planning, time management, and change management skills across multiple functional groups and departments, including prioritizing work during incident conditions.
  • Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating resources necessary to troubleshoot/diagnose complex issues; success translating findings into options/solutions; identifying risks/impacts and schedule adjustments to facilitate management decision-making.
  • Advanced communication (verbal and written) and customer service skills, including the ability to brief senior/executive leadership with clear, concise, decision-oriented updates.

U.S. National Base Pay Range

$104,900 - $174,700.

Geographic differentials may apply in some locations to better reflect local market rates.

This job is eligible for an annual incentive bonus.

We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.

Similar jobs

Principal Security Engineer

Jeppesen ForeFlightEnglewood, CO· 2 wk ago
Information Technology$180k–$220k/yrapply on recruiting2.ultipro.com