Staff Incident Response Specialist

Join ABBYY and be part of a team that celebrates your unique work style. With flexible work options, a supportive team, and rewards that reflect your value, you can focus on what matters most – driving your growth, while fueling ours. Our commitment to respect, transparency, and simplicity means you can trust us to always choose to do the right thing. As a trusted partner for purpose-built AI and intelligent automation, we solve highly complex problems for our enterprise customers and put their information to work to transform the way they do business. Over 10,000 customers trust ABBYY, including many Fortune 500 ones. You will work on further developing a portfolio already containing client names such as DHL, Johnson Johnson, FDA, DMV, PwC, KeyBank, Spotify, and HR BLOCK. As part of our commitment to cybersecurity, we are looking for a skilled Incident Response Specialist to join our growing security operations team. In this role, you will play a crucial part in responding to, mitigating, and recovering from security incidents, ensuring that threats are identified and neutralized quickly to protect our infrastructure. You’ll work alongside a team of experts to continuously improve our incident response processes and reduce the organization's exposure to cyber risks. The Incident Response Specialist will be responsible for detecting, investigating, and responding to security incidents across the organization. This includes identifying malicious activity, performing forensic analysis, coordinating response efforts, and helping to remediate incidents while minimizing business impact. You will be a key player in our security operations, applying your expertise to prevent incidents and strengthen our security posture. Job Responsibilities: Incident Detection Analysis: Monitor security alerts and logs from various sources, such as SIEMs, endpoint detection tools, firewalls, and IDS/IPS systems, to detect and analyze potential security incidents. Incident Response Mitigation: Respond to security incidents by following established incident response processes. Identify, contain, and mitigate threats across network, cloud, and endpoint environments to limit damage and prevent escalation. Forensic Investigation: Perform forensic analysis to investigate security events, determine the scope and cause of incidents, and collect evidence for further analysis. Utilize tools such as EnCase, FTK, or open-source forensic tools for disk and memory analysis. Collaboration Escalation: Work closely with internal teams, including IT, network operations, legal, and compliance, to coordinate incident response and escalation. Provide technical expertise and guidance throughout the response process. Incident Documentation Reporting: Maintain detailed documentation of security incidents, including timelines, actions taken, lessons learned, and any recommendations for future prevention. Provide reports to management and other stakeholders, summarizing incidents and outcomes. Root Cause Analysis Remediation: After an incident is contained, lead root cause analysis (RCA) efforts, identify weaknesses, and work with IT and engineering teams to implement corrective measures to prevent future incidents. Continuous Improvement: Contribute to the development and refinement of incident response procedures, playbooks, and runbooks. Recommend improvements to tools, processes, and technologies to enhance detection and response capabilities. Security Monitoring Threat Intelligence: Stay up to date on the latest threats, vulnerabilities, and attack techniques by researching current cyber threats and integrating relevant threat intelligence into response strategies. Apply threat intelligence to improve detection and response efforts. Training Awareness: Provide support in training and awareness initiatives for staff to improve overall incident response readiness. Assist in running tabletop exercises, simulation drills, and incident response ... (truncated, view full listing at source)