Find Jobs Find Talent
L3 Cybersecurity Incident Response Engineer
St. Paul, Minnesota  |  Remote
Contract Position
It appears that you have already applied to this job.
Applied on May 29, 2023
Job Id #63192 Posted May 22, 2023

Job Description:
  • The person filling the position of L3 Cybersecurity Incident Response Engineer will join Client Information Security, Risk and Compliance organization as part of a team focused on the ongoing development and operations of Client global Cyber Fusion Center.
  • The L3 Cybersecurity IR Engineer will be engaged to respond, scope, mitigate, and remediate the most complex cybersecurity incidents.
  • They will be expected to utilize forensic methodologies to investigate potential cybersecurity incidents to include: evidence handling/chain of custody; acquiring data remotely in a forensically sound manner; utilizing multiple artifacts to identify threat actor/malware activity, analyzing output from various technologies in order to effectively investigate potential compromise; and delivering clear written reports to the cybersecurity team.
Primary Responsibilities include but are not limited to the following:
  • Responsible for leading incident response and cyber forensic investigations for the most complex cybersecurity incidents, including developing a detailed case timeline tracking relevant log artifacts
  • Collect and investigate host-based forensic artifacts to determine threat actor and/or malware activity on a suspected compromised host
  • Utilize host, identity, and network artifacts to track lateral movement activity
  • Identify the root cause of complex cyber incidents and develop recommendations to prevent recurrence
  • Provide feedback to security solutions specialists on cyber defense best practices to combat dynamic cyber threats
  • Provide Subject Matter Expertise on relevant cyber threat actor methodologies, including recommendations for detection and prevention
  • Develop and review technical training materials for L1/L2 CSOC analysts
  • Provide guidance, training, and feedback to CSOC analysts
Basic Qualifications:
  • 5-6 years of security experience with at least 4 of those years within cyber incident response
  • 2 years of cyber forensic response
  • Expert knowledge of forensic methodologies and best practices to investigate intrusions, preserve evidence, and coordinate a unified security response
  • Experience using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise
  • Experience leading technical incident response assessment during high stress crisis events
  • Strong knowledge of host, identity, and network artifacts utilized during IR
  • Strong knowledge of network protocols and ability to perform analysis of associated network logs
  • Fluent in speaking and writing English
Required: SANS GCFA (Certified Forensic Analyst)

Preferred Qualifications:
  • University Degree in MIS, Computer Science, or related field from a recognized college or university
  • Experience automating processes with scripting languages such as Python and Powershell
  • Experience working with RESTful APIs
  • CISSP or related certification
  • Works with moderate work direction, and can identify issues/problems but may need assistance in resolving and is responsible for implementing tasks assigned for a corporate pricing application. Possesses the ability to help junior configuration engineer’s initial setup and development locally.
  • Possess the ability to implement tasks according to established development standards including local configuration, unit testing and debugging processes and escalate issues as they arise.
  • Posses the ability to handle complex assignments with supervision from a more senior configuration engineer.
Duties and Responsibilities:
  • CE-I plus.
  • Ability to troubleshoot issues within the application.
  • Reporting status and completion percent to the Lead CE.

Horizontal is proud to be an Equal Opportunity and Affirmative Action Employer. We seek to provide employment opportunities to talented, qualified candidates regardless of race, color, sex/gender including gender identity and/or expression, national origin, religion, sexual orientation, disability, marital status, citizen status, veteran status, or any other protected classification under federal, state or local law.

In addition, Horizontal will provide reasonable accommodations for qualified individuals with disabilities. If you need to request a reasonable accommodation in order to complete the application or interview process, please contact

All applicants applying must be legally authorized to work in the country of employment.


What is your gender?

What is your ethnicity?

What is your Veteran / U.S. Military Status?

Do you identify with one or more of the classifications of protected veterans below?

If yes, please indicate by checking the appropriate box below

Do you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Horizontal is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.


You have saved your first job! To see all your Saved Jobs, click here. Or continue scrolling through jobs and bookmark openings that catch your eye and apply for those jobs later.

Return to Job Search

We’re sorry!

There are currently no open positions in your location or accepting applications from out of the country

Return to Home
Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.