Consulting/Principal Security Engineer
LexisNexis · Raleigh, NC · 1 mo ago
Information Technology$105k–$175k/yrFull-time
Job Description
- Provide strategic and tactical incident response leadership, providing management with insight and input into overall security operations decisions based on advances in technology and the evolving threat landscape.
- Serve as the senior incident commander and technical lead for high-severity incidents; drive structured triage, containment, eradication, and recovery across the enterprise.
- Lead and coordinate incident response efforts for high-severity events spanning hybrid and multi-cloud environments (on-prem, AWS, Azure, GCP), ensuring effective containment, eradication, and recovery.
- Own and continuously improve the incident response program: playbooks/runbooks, severity definitions, escalation paths, on-call expectations, evidence handling standards, and crisis communications patterns.
- Plan, run, and mature readiness activities including tabletop exercises and cyber range events; define objectives, measure outcomes, and ensure follow-through on remediation actions.
- Own after-action governance: facilitate post-incident reviews, establish root cause and contributing-factor analysis, drive corrective action plans, and track closure to completion (closed-loop improvement).
- Lead analysis and review of security events for anomalous activity; collaborate with peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
- Drive improvements to detection, investigation, and response processes through lessons learned, measurable corrective actions, and operational performance metrics.
- Drive the design, implementation, and continuous improvement of detection engineering and monitoring capabilities within AWS environments.
- Partner with infrastructure, cloud, endpoint, identity, and application teams to ensure response-ready logging, telemetry, and access to required investigative data sources.
- Provide guidance for threat-informed mitigation and hardening activities resulting from incidents (e.g., containment controls, identity protections, logging improvements, segmentation, credential hygiene).
- Communicate incident status, impact, and risk in executive-ready written and verbal updates; produce high-quality incident summaries and post-incident reports.
- Support compliance and governance efforts by operationalizing response procedures, documenting evidence, and ensuring repeatable execution aligned to policy and regulatory expectations.
- Assess and measure incident response program effectiveness to ensure closed-loop operations (e.g., readiness/exercise cadence, time-to-contain, repeat incident reduction, detection coverage and quality).
Qualifications
- 10+ years of IT security experience, including significant incident response leadership in enterprise environments.
- BS Engineering/Computer Science or equivalent experience required; advanced degree preferred.
- Preferred: incident handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent) and cloud security certification(s) (AWS/Azure/GCP).
Technical Skills
- Advanced knowledge of modern security operations environments, including hybrid enterprise architectures and common attack paths.
- Demonstrated experience leading incident response activities across complex hybrid environments, including on-premises infrastructure and multi-cloud platforms (AWS, Azure, GCP).
- Strong hands-on experience engineering detections, telemetry, and monitoring solutions within AWS (e.g., CloudTrail, GuardDuty, VPC Flow Logs, and related services).
- Expertise in incident command practices: severity assessment, stakeholder coordination, containment strategies, evidence handling, eradication and recovery planning, and post-incident review.
- Strong ability to monitor, triage, and investigate security events; apply structured analysis for anomalous activity and adversary behaviors.
- Experience with enterprise logging and telemetry pipelines, log onboarding strategies, and data quality expectations (coverage, fidelity, retention).
- Experience improving detection quality and signal-to-noise (e.g., tuning, suppression, enrichment, validation, and feedback loops).
- Familiarity with automation/SOAR concepts and scripting for investigation and response workflows (e.g., Python/PowerShell or equivalent).
- Ability to develop and implement incident response programs with measurable outcomes (response readiness, containment speed, detection coverage, exercise cadence).
- Strong organization/project planning, time management, and change management skills across multiple functional groups and departments, including prioritizing work during incident conditions.
- Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating resources necessary to troubleshoot/diagnose complex issues; success translating findings into options/solutions; identifying risks/impacts and schedule adjustments to facilitate management decision-making.
- Advanced communication (verbal and written) and customer service skills, including the ability to brief senior/executive leadership with clear, concise, decision-oriented updates.
U.S. National Base Pay Range
$104,900 - $174,700.
Geographic differentials may apply in some locations to better reflect local market rates.
This job is eligible for an annual incentive bonus.
We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.