Security Specialist - Incident.io
Careers
Security Specialist - Incident.io
Employment:
Full-time
Setup:
WFH
We are seeking a skilled Security Specialist to own the configuration, optimization, and integration of incident.io and a suite of core security tools across our environment. This role sits at the intersection of security engineering and operations, ensuring our incident management platform is tuned for rapid response and that our security toolstack — spanning endpoint, email, DNS, identity, and SIEM — is consistently configured, monitored, and improved.
The ideal candidate is hands-on, detail-oriented, and comfortable managing multiple security platforms simultaneously. You will serve as the subject-matter expert for incident.io and act as a force multiplier for the security team by reducing alert fatigue, automating response workflows, and producing actionable documentation for both internal and stakeholder audiences.
Key Responsibilities
Incident Management Platform
Deploy, configure, and maintain incident.io as the primary incident management platform across internal environments.
Design and manage incident workflows, severity tiers, escalation paths, and on-call schedules.
Build and refine incident templates, runbooks, and post-incident review (PIR) processes within incident.io.
Integrate incident.io with alerting sources (Microsoft Defender, CrowdStrike, Cloudflare) and communication platforms (Slack, Microsoft Teams).
Develop automation rules and triggers to reduce manual triage effort and accelerate
MTTD and MTTR metrics.
Monitor platform health, manage user roles and permissions, and produce incident trend reports for leadership review.
Security Tool Configuration & Operations
Administer different security platform settings including endpoint protection, email security, and cloud app coverage.
Manage Cloudflare Gateway, WARP, and DNS firewall rules to enforce network-layer security for client environments.
Develop and refine KQL-based Advanced Hunting queries, analytics rules, and detection logic in Microsoft Sentinel.
Perform EDR platform onboarding, health monitoring, and coverage gap analysis across Windows, macOS, and mobile endpoints.
Incident Response & SOC Support
Act as Tier 2/3 escalation point for SOC analysts during active incidents, providing tool expertise and triage guidance.
Conduct root-cause analysis and threat attribution for security events including phishing campaigns, endpoint compromises, and suspicious network activity.
Produce formal incident reports, executive summaries, and remediation recommendations for leadership and stakeholders.
Documentation & Continuous Improvement
Author and maintain SOPs, configuration guides, and runbooks for all managed security tools and incident.io workflows.
Identify gaps in detection coverage, tool configurations, or process workflows and drive remediation efforts.
Track and report on key security metrics: alert volume, MTTD, MTTR, false positive rates, and tool coverage.
Requirements
Required Qualifications
3+ years of experience in a security operations, security engineering, or incident response role.
Hands-on experience configuring and operating incident.io or a comparable incident management platform (e.g., PagerDuty, Opsgenie, FireHydrant).
Proficiency with Microsoft 365 security tools: Defender for Endpoint, Defender for Office 365, Microsoft Sentinel, and Entra ID.
Experience writing KQL queries for log analysis, threat hunting, and detection rule development.
Familiarity with Cloudflare security products (Gateway, WARP, DNS Firewall) or equivalent DNS/network-layer security platforms.
Strong understanding of the MITRE ATT&CK framework, common threat actor TTPs, and incident classification methodologies.
Excellent written communication skills with ability to produce clear, client-ready technical reports and documentation.
