Incident Response Eng

About the role

At ATS, you’ll join a dedicated team focused on Incident Detection & Response, working to protect the people, processes, and technology of our organization. We are seeking an experienced and adaptable Security Operations Engineer to join our Cybersecurity team. This role reports to the Cybersecurity Manager and will play a critical part in responding to cybersecurity incidents across the enterprise.

What you'll do

• Serve as a primary responder to security incidents, including the monitoring, triaging, and investigation of security alerts in a timely manner.
• Collaborate with cross‑functional teams to document, enhance, and coordinate Incident Response processes.
• Maintain and organize Cybersecurity documentation, including the creation and upkeep of incident response playbooks.
• Participate in and/or lead incident post‑mortems, distilling lessons learned into actionable recommendations and comprehensive written reports.
• Analyze logs and EDR telemetry across a variety of systems, including medical devices, cloud applications, workstations, and data exchange platforms.
• Conduct investigations across Windows, Linux, iOS, and cloud platforms using SIEM tools and manual log analysis.
• Participate in a global on‑call rotation.
• Identify opportunities for automation and for improving detection capabilities.
• Perform proactive threat hunting to identify emerging tactics, techniques, and procedures (TTPs).
• Assess and respond to new and evolving threats using threat intelligence to evaluate likelihood and organizational impact.
• Assist in forensic acquisition, malware analysis, and network analysis.

Qualifications

• Bachelor’s degree in a related field or equivalent experience required; Cybersecurity certifications strongly preferred.
• 6+ years of experience in Cybersecurity, including direct incident handling/response.
• Strong understanding of Cybersecurity tools, technologies, and methodologies.
• Working knowledge of common IT technologies and operational processes.
• Familiarity with relevant frameworks and standards, such as MITRE ATT&CK and ITIL.
• Solid understanding of risk management principles and practices.
• Proven ability to translate abstract requirements into clear, actionable steps.
• Excellent written and verbal communication skills, including the ability to convey technical concepts to non‑technical audiences.
• Strong work ethic with exceptional attention to detail and organizational skills.
• Ability to prioritize and multitask effectively in a fast‑paced environment.
• Capable of working both independently and collaboratively within a team.
• Conceptual understanding of software development methodologies.
• Experience with application security, SaaS, or cloud security is a plus.
• Experience with programming or scripting languages is a plus.
• Familiarity with cloud environments (e.g., AWS, Azure) and automation frameworks.