Security Specialist, Incident Response


Manager, Technical



Start Date:


Travel Requirements:

Up to 10%

Position Description

The Security Specialist is responsible for leading, coordinating, and delivering the proactive and reactive Incident Response services that GreyCastle Security provides, including Compromise Assessment, Threat Hunting, Digital Forensics, and reactive Incident Response.

The Security Specialist will work directly with organizations, legal counsel, law enforcement, and other entities to respond to and mitigate security incidents while ensuring that the impact of current and future security incidents is minimized for clients.

GreyCastle Security has responded to hundreds of security incidents in all industries and organization sizes, ranging from small businesses to Fortune 500 organizations. While performing Incident Response services, the Security Specialist will hunt for, analyze, correlate, and mitigate threats associated with external, internal, and nation-state attacks.

Position Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Lead and communicate with organizations that are experiencing security incidents, including but not limited to ransomware infections, malicious software infections, account compromises, data breaches, and other security incidents.
  • Lead and communicate with organizations while performing proactive Incident Response services, including Compromise Assessments, Threat Hunting, and Managed Detection & Response efforts.
  • Perform Digital Forensics on varying types of devices, services, and systems.
  • Regular on-call scheduling outside of normal business operating hours to respond to reactive security incidents.

Corporate Responsibility

Information security is everyone’s responsibility. GreyCastle Security employees are responsible for:

  • Understanding and following GreyCastle Security’s information security policies and procedures
  • Remaining vigilant and reporting any suspicious activity or possible weaknesses in GreyCastle Security’s information security
  • Actively participating in GreyCastle Security’s efforts to maintain and improve information security
  • Other job duties and responsibilities as assigned

Supervisory Responsibility

This position has no supervisory responsibilities.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.

This position requires the ability to occasionally lift office products and supplies, up to 20 pounds.

Required Skills and Qualifications

  • Proficiency with major operating systems
  • Uncompromising ethics and confidentiality
  • Outstanding communication skills, both written and verbal
  • Outstanding organizational skills; attention to detail is a must
  • Outstanding decision-making ability
  • Energetic and positive attitude
  • Willingness and ability to work in a team-oriented, fast-paced environment
  • Willingness and ability to work relentlessly towards goals and deadlines

Desired Skills and Qualifications

  • Experience with Endpoint Detection and Response technology, such as Carbon Black, CrowdStrike, Microsoft ATP, or other solutions
  • Experience with Security Information and Event Management systems, such as Elastic Stack, Splunk, or other solutions

Required Education and Experience

  • Bachelor’s or Associate’s degree in a related field, or equivalent experience
  • 3+ years of experience in the cybersecurity industry working with business customers
  • Extensive, demonstrated knowledge and experience responding to or investigating security incidents and modern cybersecurity threats
  • Demonstrated technical background and extensive experience with general Information Technology
  • Experience and extensive knowledge performing Digital Forensics and associated processes and technology
  • Experience and extensive knowledge of common business services, such as Microsoft 365, G-Suite, cloud hosted services (e.g. AWS, Azure), and/or other operational technology
  • Experience with programming and/or scripting languages, such as PowerShell, Python, PHP, or other languages
  • Extensive knowledge or experience with networking and network protocols

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Equal Opportunity Employer

GreyCastle Security is an equal opportunity employer, and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or protected veteran status, or any other protected factors or classes.

GreyCastle Security is a Drug Free Workplace. All employment offers are contingent on passing a background screening and drug screen test.