Cyber Incident Response Engineer

Full Time
Boyers, PA
Areas of Interest: All Source Intelligence, Incident Response, Threat Analysis, Vulnerability Assessment and Management
report a problem
Virtual / Telecommute
Remote work is frequently a way to describe working from a home office or being a telecommuter. Depending on the job and company, remote work offers the ability to work from anywhere in the world. To do a remote job, professionals need access to tools like phone/internet service and a quiet place to work without distraction.


Iron Mountain enables 94% of the Fortune 1000 to smartly and securely manage their physical and digital information assets. With unmatched innovation and collaboration, our teams create information management solutions for our customers’ data, no matter what format, location or lifecycle stage it’s in and no matter where it’s kept. We are more than 17,000 people strong and growing. We’ve been a trusted records management leader since 1951.

Iron Mountain is an equal opportunity employer, and does not unlawfully discriminate on the basis of race, color, religion, sex, national origin, marital status, age, sexual orientation, gender identity characteristics or expression, disability, medical condition, U.S. Military or veteran status or other legally protected classifications in making employment decisions.


The Computer Security Incident Response Team (CSIRT) is responsible for investigating and reporting of information security incidents across the global enterprise. The team coordinates with IT, Legal, Security, Human Resources, Marketing, Communications, and other appropriate business units to gather incident details, assess impact, and coordinate response. The Computer Security Incident Response Engineer reports to the CSIRT Manager and will be responsible for leading the review of information security incidents from identification incident resolution. The CSIRT Engineer will operate as part of Iron Mountain’s Global Cyber Incident Response Center (CIRC) and will have the opportunity to contribute to a highly visible information security function with accountability for managing internal and external security incidents as well as responsibility for enhancing the firm’s posture against evolving threats.

Skills and Requirements
Incident Response

  • Manages information security incidents from triage through resolution.
  • Ability to manage multiple investigations concurrently.
  • Leads a cross-functional team of experts to resolve the incident investigation.
  • Provide timely and relevant updates to appropriate stakeholders and decision makers.
  • Conducts root cause analysis and partners with functional experts to determine the remediation path for incident resolution. Root cause analysis may include, but is not limited to malware analysis, computer forensic analysis, log reviews, personnel interviews, and technical troubleshooting. The CSIRT Engineer will evaluate controls at each level of security defense, from end-point to perimeter.
  • Provides findings to relevant business leadership to help improve information security posture.
  • Validate and maintain incident response plan and processes to address the evolving threat landscape.
  • Create and maintain strong relationships with key partners in the incident response ecosystem and ensure efficient alignment during the investigation process.
  • Compile and analyze data for management reporting and metrics.

Threat Management

  • Manage and analyze threat intelligence data received from cyber threat vendors.
  • Monitor information security related Web sites (US-CERT, SANS Internet Storm Center, etc.) and mailing lists (SANS NewsBites, etc.) to stay current on the latest malicious code trends, exploits, and malware.
  • Participate in task forces and working groups that assess Iron Mountain’s threat posture.
  • Analyze potential impact of new threats and exploits and communicate risks to relevant business units.
  • Develop advanced threat detection rules based on the intelligence analysis.


  • Three or more years of practical Cyber Incident Management and Threat Hunting experience.
  • Advanced knowledge of information systems security concepts and technologies; SIEM technologies; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; malware remediation; and computer forensic tools such as EnCase and open source alternatives.
  • Familiarity with security regulatory requirements and standards (such as PCI, HIPPA, FFIEC, etc.).
  • Advanced knowledge and experience with the Windows and Linux operating systems.
  • Working knowledge of and experience in investigating malicious code.
  • Experience with operations processes, such as Six Sigma and a strong understanding of incident, problem, and change management is preferred. Experience implementing compliance standards, such as FFEIC, PCI and HIPAA.
  • Demonstrated ability to apply technical and analytical skills in a security environment
  • Ability to work extremely well under pressure while maintaining a professional image and approach
  • Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause
  • Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports
  • Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants
  • Strong communication skills such as planning and leading effective meetings, conducting structured interviews to collect information, interpersonal and negotiation skills, and presenting to a variety of audiences
  • Advanced skills to present information to stakeholders and/or decision makers in an effective and professional deliverable
  • Experience in the following tools; IBM QRadar SIEM, McAfee ePO, Check Point Next Generation Appliances, McAfee IPS, Damballa Failsafe, Rapid 7/Qualys Vulnerability Management, Wireshark, Riverbed Cascade, Encase, and coding languages such as Perl or Python


  • Bachelor’s degree in information systems, computer science, or related discipline is required.
  • Postgraduate degrees and certificate programs in relevant areas that demonstrate analytical technical backgrounds will also be considered.
  • SANS GSEC certified/qualified
  • SANS GCIH or GCFA, SANS GCIA, and EnCER certification(s) are preferred but not required.

Compliance Obligations:
It is the responsibility of every Iron Mountain employee:

  • to comply with all applicable laws, rules, regulations, and company policies

  • to exhibit ethical behavior in accordance with our Code of Ethics and Business Conduct

  • to complete required training within the allotted time frame


Iron Mountain is an equal opportunity employer, and does not unlawfully discriminate on the basis of race, color, religion, sex, national origin, marital status, age, sexual orientation, gender identity characteristics or expression, disability, medical condition, U.S. Military or veteran status or other legally protected classifications in making employment decisions.

Requisition # 2017-15218
Job Location(s) US-PA-Boyers
Category Security
Type Full-Time
Work From Home (Virtual) ..


Share this job:

Iron Mountain

Iron Mountain Incorporated (NYSE: IRM) is the global leader for storage and information management services. Trusted by more than 220,000 organizations around the world, Iron Mountain boasts a real estate network of more than 80 million square feet across more than 1,350 facilities in 45 countries dedicated to protecting and preserving what matters most for its customers. Iron Mountain’s solutions portfolio includes records management, data management, document management, data centers, art storage and logistics, and secure shredding help organizations to lower storage costs, comply with regulations, recover from disaster, and better use their information. Founded in 1951, Iron Mountain stores and protects billions of information assets, including critical business documents, electronic information, medical data and cultural and historical artifacts. Visit for more information.
Information Management, Document Management Solutions, Secure Shredding, Data Protection, Archiving, EMR Enablement, Records Storage, Cloud, Scanning and Digitizing, and Business Process Management
Visit Iron Mountain's Social Media pages:
Company Industry: Information Technology and Services
Company Size: 10,001+