Lead Cybersecurity Engineer
Ritchie Bros. · Westchester, IL · 6 days ago
HybridInformation TechnologyFull-time
Responsibilities
- Lead day-to-day security monitoring, detection, and response activities, ensuring high-quality investigations and timely remediation of security events and incidents.
- Serve as Primary Technical Escalation Point. Act as the go-to escalation resource for analysts, providing hands-on guidance for complex investigations and ensuring consistency and depth in investigative outcomes.
- Own Incident Response Lifecycle & Stakeholder Coordination. Lead and coordinate complex security incidents end-to-end, while acting as a liaison between leadership and the SOC—translating strategic direction into actionable tasks and delivering clear, meaningful updates.
- Drive Detection & Response Maturity (SIEM & Tooling). Lead SIEM-driven operations and continuously improve detection capabilities through use-case development, tuning, telemetry optimization, and enhanced coverage across security domains.
- Coordinate SME Programs & Operational Initiatives. Break down strategic cybersecurity objectives into actionable workstreams, track progress, remove blockers, and ensure successful execution of team initiatives.
- Develop & Optimize Playbooks, Processes, and Automation. Create and refine incident response playbooks, SOPs, and automation opportunities to improve consistency, efficiency, and scalability of operations.
- Leverage Metrics & Threat Insights to Drive Improvement. Track key operational metrics (MTTD, MTTR, alert fidelity) and conduct advanced threat analysis to inform decisions, strengthen defenses, and continuously improve security posture.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent practical experience).
- Security+, GCIH, GCIA, GCED, or equivalent certifications.
- 5–8+ years of experience in cybersecurity operations or SOC environments.
- Proven experience leading or coordinating incident response activities.
- Strong hands-on experience with SIEM platforms and building detection-driven operations.
- Strong familiarity with security technologies such as EDR, NDR, email security, WAF, and identity/security monitoring tools.