Incident Response Engineer (CrowdStrike & Automation)

Phaxis
New York, US
On-site

Job Description

Salary is 140k to 160k + bonus

We are seeking an Incident Response Engineer to join our cybersecurity operations team, with a focus on threat detection, incident response, and endpoint security automation. This role will leverage CrowdStrike and scripting/automation tools to rapidly detect, investigate, and respond to security incidents across the enterprise.

Key Responsibilities

  • Monitor, investigate, and respond to security incidents using CrowdStrike Falcon and related security tools
  • Perform endpoint threat analysis, triage alerts, and execute containment and remediation actions
  • Lead incident response activities including investigation, escalation, and coordination across IT and security teams
  • Develop and maintain response playbooks, procedures, and documentation for security incidents
  • Automate repetitive security operations tasks using scripting (Python preferred)
  • Analyze malware, endpoint behavior, and attack patterns to identify root cause and impact
  • Support vulnerability management and threat hunting activities
  • Collaborate with infrastructure and operations teams to improve detection and response capabilities
  • Participate in post-incident reviews and drive continuous improvement of security processes

Required Skills & Experience

  • Hands-on experience with CrowdStrike Falcon (or similar EDR platforms)
  • Strong understanding of incident response processes and cybersecurity principles
  • Experience performing endpoint investigations and threat analysis
  • Scripting experience (Python strongly preferred; PowerShell a plus)
  • Familiarity with Windows and/or Linux environments
  • Understanding of common attack vectors, malware behavior, and security controls
  • Experience working in a security operations or incident response team

Preferred Skills

  • Experience with SOAR tools or security automation frameworks
  • Familiarity with log analysis, SIEM platforms, and threat intelligence tools
  • Exposure to cloud environments (AWS, Azure, or GCP)
  • Experience building automation to improve SOC efficiency or reduce response time
  • Security certifications (e.g., Security+, GCIH, GCFA, or equivalent)

About the Role

This role is part of a security operations function focused on rapid detection and response to cyber threats. You will work closely with IT and security teams to contain incidents, improve visibility across endpoints, and build automation that strengthens the organization's overall security posture using CrowdStrike and modern scripting tools.

Skills & Requirements

Technical Skills

  • CrowdStrike Falcon
  • Scripting/automation tools
  • Python
  • PowerShell
  • Windows
  • Linux
  • Malware analysis
  • Endpoint behavior analysis
  • Attack pattern analysis
  • Vulnerability management
  • Threat hunting
  • Infrastructure and operations
  • Security operations
  • Incident response
  • SOAR tools
  • Security automation frameworks
  • Log analysis
  • SIEM platforms
  • Threat intelligence tools
  • Cloud environments (AWS, Azure, GCP)
  • Security certifications (Security+, GCIH, GCFA)
  • Cybersecurity

Salary

$140,000 - $160,000 per year

Employment Type

FULL TIME

Level

senior

Posted

5/7/2026
