Engineer III – Cyber Incident Response

About Myhrabc

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

Job Summary

The Engineer III, Cyber Incident Response, is a senior technical role within the Security Operations Center (SOC) responsible for leading complex incident investigations and supporting the continuous improvement of detection and response capabilities. This role provides advanced technical expertise in identifying, analyzing, containing, and remediating cyber threats.

Key Responsibilities

• Lead the investigation and resolution of complex security incidents, including advanced persistent threats, ransomware, phishing campaigns, and insider activities.
• Perform forensic analysis across endpoints, networks, and cloud environments to identify root causes and scope of compromise.
• Develop and enhance incident response playbooks, runbooks, and detection use cases.
• Collaborate with threat intelligence, vulnerability management, and countermeasures teams to strengthen defenses.
• Escalate high-severity incidents to senior leadership and provide clear, actionable reporting.
• Act as a technical escalation point for Engineer I/II analysts during incident investigations.
• Contribute to red team and purple team exercises to validate and improve response capabilities.
• Participate in after-action reviews and lessons-learned sessions to improve SOC processes.
• Mentor and train junior engineers on incident response best practices and investigative techniques.

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent work experience; Master’s degree preferred.
• Strong knowledge of incident response methodologies, digital forensics, and adversary tactics.
• Familiarity with security frameworks such as NIST, MITRE ATT&CK, and ISO 27035.
• 5–7 years of progressive experience in cybersecurity, with at least 3 years in incident response or SOC operations.
• Hands-on experience with SIEM, EDR, SOAR, and forensic tools (e.g., Splunk, CrowdStrike, EnCase, Wireshark).
• Proven ability to investigate advanced threats and coordinate response activities across teams.
• Demonstrated success in mentoring junior analysts and improving SOC processes.

Preferred Certifications

• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Ethical Hacker (CEH)
• Certified Information Systems Security Professional (CISSP)