Cybersecurity Incident Response Engineer
Responsibilities
- Incident Response Execution: Leads and supports investigation, containment, and remediation of cybersecurity incidents, including ransomware, account compromise, phishing, and data leakage across enterprise environments.
- Operational Monitoring: Monitors and responds to security events across endpoints, networks, cloud services, applications, databases, and third-party environments.
- Threat Detection & Analysis: Collects, correlates, and analyzes data from multiple internal and external sources to identify anomalies, validate threats, and support threat hunting activities.
- Stakeholder Coordination: Serves as a key point of contact during incidents, collaborating with cybersecurity leadership, IR teams, and cross-functional stakeholders.
- Root Cause & Reporting: Performs root cause analysis, prioritizes findings, and documents incidents from initial detection through post-incident review and lessons learned.
- Security Engineering & Optimization: Improves detection and response capabilities through playbook development, workflow optimization, and alignment with KPIs and SLAs.
- Program Maturity & Continuous Improvement: Participates in tabletop exercises, vulnerability assessments, and post-incident reviews to identify gaps and strengthen IR capabilities.
- Cross-Functional Collaboration: Works closely with infrastructure, IT, vulnerability management, threat intelligence, and application security teams to enhance security posture.
- Forensics & Evidence Handling: Ensures proper evidence collection, preservation, and chain of custody in support of investigations.
- Communication & Documentation: Clearly communicates incident details, risks, and recommendations to technical and non-technical stakeholders.
- Continuous Learning & Awareness: Stays current on emerging threats and shares knowledge to elevate team capability and organizational readiness.
- Other duties as assigned.
Key Competencies
- Conflict Navigation: Communicate issues to management with a plan to address/solve them.
- Collaboration: Must be able to work well with others and have an open personality regarding work.
- Communication Skills: The ability to decipher complex technical terms into everyday language for others to understand.
- Solution-Oriented: Able to identify solutions to problems both independently and with guidance from leadership.
Skills and Abilities
- Must have a Bachelor's degree in Computer Science or Information Technology
- Bilingual in English and Spanish required.
- Advanced understanding and proficiency with Windows and macOS operating systems.
- Experience configuring, deploying and using multiple security IR solutions such as SIEM, SOAR, playbooks and Endpoint Detection and Response (EDR) tools.
- In-depth knowledge of cloud services, third-party risk management, and application security.
- Familiarity with regulatory and compliance requirements such as PCI, CCPA, GDPR.
- Threat Knowledge & TTPs: Maintains strong understanding of attacker methodologies, including escalation, lateral movement, and evolving tactics, techniques, and procedures.
- Strong verbal and written communication skills.
- Ability to work both independently and collaboratively in a team environment.
- Five or more years of experience with Security Operations Center and Incident Response preferred.
- Understanding of threats and vulnerabilities, as well as principles of incident response and root cause analysis.
- Committed to building and strengthening a culture of inclusion within and across teams.
- Identifies and aligns with WWF's core values: COURAGE - We demonstrate courage through our actions, we work for change where it's needed, and we inspire people and institutions to tackle the greatest threats to nature and the future of the planet, which is our home.
- INTEGRITY - We live the principles we c
Additional Information
Major Function
The Cybersecurity Incident Response (IR) Engineer at WWF protects the organization's global mission by designing and operating capabilities to detect, investigate, and respond to cyber threats in WWF US and its Country Offices. The role works closely with security leadership and cross-functional teams to coordinate response efforts and strengthen security posture across WWF's operations. The engineer leads technical investigations, containment, and remediation of incidents while developing automation, playbooks, and improved detection capabilities. Using data-driven analysis and threat intelligence, the role assesses risk and implements solutions that enhance resilience and reduce exposure. Success requires strong technical expertise, an engineering mindset, and the ability to translate complex security issues into business impact in a mission-driven environment.