SOC/Incident Response Engineer
$112k - $139kBenesch
Who We Are At Benesch we pride ourselves on exceeding expectations and building trust not only with our clients but with our employees - Benesch's #1 asset. Committed to providing not only the highest level of legal service to our clients, Benesch also aspires to create a positive work environment for our employees. Our Firm continues to earn placement on Chicago and Cleveland's Top Workplaces list, along with Cleveland's NorthCoast 99 Top Workplaces rankings. We also continue to advance on the AmLaw 150 list, placing us among the top 150 law firms in the country. Benesch is proud to be recognized for being a Firm that attracts and retains top talent - making Benesch a great place to work. We offer a hybrid schedule, career development and growth, transparent and visible leadership teams, and a place where diversity, equity and inclusion is celebrated. In addition, the Firm offers a full array of benefits which can be viewed at Working with Us - Come and "Be Benesch!" We are one of the fastest growing firms in the nation, and have offices in Chicago, Columbus, San Francisco, New York City, and Wilmington. We continue to expand our geographic footprint and value the talent that comprises each of our locations. If you are someone who champions a First in Service approach and are ready to be part of an exciting and growing Firm, we would invite you to apply to join our team. Want to know more? To hear from some of our team, click here: Benesch is proud to announce the opening for a SOC/Incident Report Engineer in our Chicago office! This position is hybrid and has work from home flexibility. Position Summary Are you excited about detecting and resolving cybersecurity threats and incidents? Do you find it a challenge to help an organization reduce threats and enhance their security? Does working with teams to develop strategies to improve detection capabilities? Then you may be interested in our SOC/Incident Report Engineer position. This role is perfect for the individual looking to play a crucial role in Benesch's security initiatives. The SOC/Incident Response Engineer is responsible for detecting, investigating, and responding to cybersecurity incidents across the Firm. This role combines threat detection, digital forensics, malware triage, and cloud security expertise to protect organizational assets, reduce risk, and strengthen security posture. The SOC/Incident Response Engineer will operate within a 24/7 security operations environment, collaborating with cross-functional teams to analyze threats, develop response strategies, and improve detection capabilities. Position Responsibilities Security Monitoring & Threat Detection Monitors SIEM, EDR, NDR, and cloud-native security tools to identify suspicious activity and potential security incidents. Creates, tunes, and optimizes detection rules, correlation logic, and analytic use cases. Conducts threat hunting based on emerging TTPs, threat intel, and anomaly patterns. Maintains and improves alerting fidelity to reduce false positives and enhance detection precision. Incident Response & Triage Performs initial triage of security alerts to assess severity, impact, and required response actions. Leads full incident lifecycle activities including investigation, containment, eradication, recovery, and post-incident analysis. Coordinates with IT, cloud, and business teams to execute IR playbooks and minimize operational impact. Documents incidents, findings, and lessons learned; contribute to after-action reviews. Digital Forensics & Malware Analysis Conducts forensic acquisition and analysis of endpoints, servers, cloud resources, and network artifacts (disk, memory, logs). Examines artifacts such as registry hives, event logs, file systems, network captures, browser history, and persistence mechanisms. Performs malware triage (dynamic and static) to determine malware behavior, indicators of compromise, and propagation mechanisms. Maintains chain-of-custody processes and ensure forensic data integrity for potential legal or compliance requirements. Cloud Security & IR Monitors and responds to security events within cloud environments (e.g., Azure, AWS, Google Cloud). Investigates cloud-native logs: Azure Activity Logs, AWS CloudTrail, GCP Audit Logs, identity events, network flows, and storage access. Evaluates cloud security posture, identifying misconfigurations, risky access patterns, and drift. Assists in development of cloud detection logic using native tooling (e.g., Azure Sentinel/Microsoft Defender XDR, AWS GuardDuty, GCP SCC). Security Tooling & Automation Maintains and enhances SOC tooling, dashboards, and automation workflows (SOAR). Builds automated playbooks to speed up triage, enrichment, and response. Integrates new data sources and improves log ingestion pipelines for SIEM/EDR. Threat Intelligence & Research Utilizes internal and external threat intelligence to contextualize alerts and strengthen detections. Tracks adversary TTPs based on frameworks such as MITRE ATT&CK. Researches emerging threats, vulnerabilities, and malware families. Collaboration, Compliance & Reporting Partners with governance, engineering, and IT teams to ensure effective remediation and long-term control improvements. Supports audit, compliance, and regulatory requirements related to incident management. Prepares clear, concise technical and executive-level reports. Key Competencies Analytical mindset with strong problem-solving skills. Ability to work under pressure during active incidents. Excellent written and verbal communication skills. Strong attention to detail and a commitment to continuous improvement. Qualifications The SOC/Incident Response (IR) Engineer should have 3–7 years of experience in a Security Operations Center (SOC), incident response, digital forensics, or a closely related cybersecurity discipline. A strong technical foundation in networking, operating system internals across Windows, Linux, and macOS, identity systems, and modern cloud architectures is essential. The role requires hands‑on experience with leading security technologies, including SIEM platforms such as Microsoft Sentinel or Splunk, endpoint detection and response (EDR) and antivirus tools like Microsoft Defender for Endpoint or CrowdStrike, and forensic toolsets including Velociraptor, Autopsy, FTK, and KAPE. Experience utilizing malware analysis sandboxes and static analysis frameworks, as well as cloud security tools such as Azure Defender, AWS GuardDuty, and Google Cloud Security Command Center (SCC), is also required. Familiarity with scripting and automation languages, particularly Python, PowerShell, and KQL, is highly desirable. Preferred certifications include GIAC GCIA, GCFA, GCIH, or GNFA; AWS Security Specialty or Google Professional Cloud Security Engineer; and industry‑recognized credentials such as CISSP, CEH, or CySA+ (or their equivalents). The salary range for this position is $112K to $139K. Please note that quoted salary ranges are based on Benesch's good faith belief at the time of the job posting and are not a guarantee of what final salary offers may be. Base pay is based on market location and may vary depending on job‑related knowledge, skills, and experience. Base pay is only one part of the Total Rewards that Benesch provides to compensate and recognize our staff professionals for their work. Full‑time positions are eligible for a discretionary bonus and a comprehensive benefits package. Benesch is an equal opportunity employer. We strongly value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability (where applicant is qualified to perform the essential functions of the job with or without reasonable accommodations), medical condition, protected veteran status, gender identity, genetic information, or any other characteristic protected by federal, state, or local law. Applicants who are interested in applying for a position and require special assistance or an accommodation during the process due to a disability should contact the Benesch Human Resources Department by phone at View phone number on click.appcast.io or email Christine Watson at View email address on click.appcast.io. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities #J-18808-Ljbffr Benesch
- ...Associate to provide technical triage and operational support across core platforms. You will enhance incident response effectiveness and collaborate with engineering and business teams to diagnose issues and improve operational stability. The ideal candidate will have...Suggested
$40 - $45 per hour
Job Summary Our client is seeking a highly skilled Incident Response Analyst to detect, respond to, and mitigate security incidents. The analyst... ...work experience) At least 1 year of experience as a SOC or Incident Response Analyst Proficiency in cybersecurity EDR...SuggestedHourly payWork experience placement$139.12k - $208.68k
A leading grocery retailer is seeking a Security Engineering Manager in Chicago to safeguard its technology environment. This role handles security policies, manages the incident response plan, and investigates potential threats. Candidates should have at least 10 years...SuggestedFlexible hours- ...areas of inspiration and expand your capabilities, then consider a career in Advisory. We are currently seeking a Manager, Incident Response to join our Advisory practice. Responsibilities Lead and manage cyber incident response activities, including triage, containment...SuggestedFull timeWork experience placementH1bLocal area
$87.7k - $164k
...Ernst & Young Oman is seeking a Cyber Triage and Forensics Incident Analyst based in Chicago, IL. This role involves investigating and... ...or a related field and over 5 years of experience in incident response, with a focus on digital forensics. A robust understanding of malware...SuggestedFlexible hours- Adyen is seeking an experienced professional for incident management in San Francisco. The role involves monitoring platform performance, coordinating incident responses, and ensuring effective communication with merchants. Successful candidates will have 5+ years in incident...
$40 - $45 per hour
KellyMitchell Group is seeking an Incident Response Analyst to work onsite in Arlington Heights, IL. This role involves monitoring security incidents, conducting analyses, and preparing incident reports. The selected candidate will work closely with cross-functional teams...Hourly pay- Loyalty360 is seeking a Major Incident Management (MIM) Analyst responsible for leading responses to major incidents. The MIM Analyst ensures collaboration across teams, effective communication, and adherence to ITIL standards. Ideal candidates will possess a bachelor’s...
- Ahold Delhaize USA is looking for a Major Incident Management (MIM) Analyst to lead the response to major incidents, ensuring swift resolution and effective communication. This role requires a Bachelor's degree and 3+ years of incident management experience, overseeing...Remote workFlexible hours
- Crowe is seeking an Incident Response Manager in Chicago, United States, to manage complex cybersecurity incidents and mentor a team of responders. This senior position involves technical leadership and client relationship management. The ideal candidate will combine deep...
- ...Analyst in Chicago, Illinois. Under the direction of the Chief Information Security Officer, you will analyze security events, lead incident response efforts, and develop incident response documentation. Ideal candidates should possess a Bachelor's degree in a related field...
- ViziRecruiter,LLC. is seeking a Major Incident Management (MIM) Analyst responsible for leading incident responses across teams. This role ensures effective communication and management of major incidents. Candidates must have a bachelor's degree and 3+ years of relevant...Flexible hours
- ...A leading cyber insurance provider is seeking an Incident Manager in Chicago to lead responses to cyber events such as ransomware and data theft. The role involves ensuring client communication, managing the incident lifecycle, and collaborating with teams to support policyholders...
- ...enhance our services. Join us at Crowe and embark on a career where you can help shape the future of our industry. Job Description: Incident Response Manager Position Summary The Incident Response Manager serves as a senior technical leader responsible for managing complex...
$107k - $214.5k
...no one like you and that’s why there’s nowhere like RSM. The RSM Cyber Response team leads organizations through some of their most consequential cyber events. The DFIR Manager serves as both incident commander and engagement leader, overseeing multiple complex matters...Work experience placementLocal area$80k - $90k
Amount is looking for a Production Support Engineer to manage production issues efficiently. This role involves troubleshooting technical issues, managing incident lifecycles, and ensuring stakeholder communication. Successful candidates will have SQL skills, experience...Remote jobNight shiftAfternoon shift- Accenture is seeking a hands-on technical leader for their Cyber Investigation and Forensic Response (CIFR) practice in Chicago. The candidate will excel in incident response and digital forensics, conducting complex analyses, mentoring investigators, and communicating...
- RSM US LLP is seeking a DFIR Lead to oversee cyber incident responses, particularly during severe ransomware incidents in Chicago. In this role, you will lead multiple engagements, ensuring quality responses and aligning with technical, legal, and executive teams. Ideal...
- ...General is seeking a Senior Cybersecurity Operations Analyst responsible for analyzing security events and identifying potential threats... ...comprehensive analyses of network events and act as the lead incident response handler. The successful candidate must have a Bachelor...Work at office
$100k - $154.5k
...of choice. At Adyen, everything we do is engineered for ambition. For our teams, we create... ...performance, coordinating and commanding incidents, communicating with our customers,... ...incidents, ensuring a rapid and effective response across teams. Represent the customer perspective...Temporary workFixed term contractShift work$84.9k - $104k
...DESCRIPTION JOB TITLE: Chief Building Engineer LOCATION/DEPT: Harbor Light... ...Light Center. ESSENTIAL DUTIES AND RESPONSIBILITIES # As a member of the Freedom Center... ...fences, and light poles. # Report any incidents, which may include photographs and a written...For contractorsWork at officeWeekend work$112.5k - $187.5k
...role will report to a DevOps Director. The Site Reliability Engineering team drives reliability strategy, elevates engineering standards... ..., owning complex capacity and security work, or anchoring incident response with calm and maturity, your impact will be felt across the...Full timeTemporary workWork experience placementWork at officeFlexible hours2 days per week- Allergan in Chicago is seeking a Principal Quality Engineer - DevOps to ensure compliance in IT operations and software lifecycle... ...automation initiatives and continuous improvements while managing incident responses and regulatory audits. This position offers a competitive...
$125.83k - $221.28k
...Site Reliability Engineering Manager At the Federal Home Loan Bank of Chicago, employees... ...process improvement Develop and maintain incident management processes, including severity... ...conducting or leading incident response and postmortem processes ~ Outstanding...Work at officeRemote work- ...runs on any standard device or OS and is engineered to operate in DDIL (Denied, Degraded,... ...for all SLA performance metrics including response time objectives: Critical and High severity... ...including timely alert of ice-dod-incident-support, DoD lead, and senior management...Full timeImmediate startRemote work
$125.83k - $221.28k
...We are building a new Site Reliability Engineering function and need a leader to... ...education rather than direct authority. Responsibilities Shape how Reliability Engineering is practiced... ...improvement. Develop and maintain incident management processes, including severity...Flexible hours- ...Envista Forensics is seeking a Project Electrical Engineer to conduct forensic investigations related to electrical incidents and failures, working closely with a multidisciplinary team of engineers and experts. Responsibilities Investigate electrical failures, defects, or...
- ...Gain familiarity with corporate culture Responsibilities Has a substantial understanding of the... ...procedures Site Administration & Incident Support Performs moderately difficult... ...experience w/1-4 years in Mechanical Engineering or related field Comprehensive knowledge...Contract workTraineeshipInternshipWork at office
$73.45k - $132.78k
...Description Leidos Engineering offers its knowledge and expertise over a wide area of... ...offer include (but are not limited to) responsibilities of the job, education, experience,... ...local law enforcement and report the incident to the U.S. Federal Trade Commission...Local areaImmediate startRemote work- ...Automation Specialist to join the team responsible for the daily operations, automation, and... ...partner to traders, researchers, and engineers across the firm. You will take full ownership... ...for critical operational decisions and incidents Lead post‑mortem processes, driving...Work at officeWorldwide
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to SOC/Incident Response Engineer. Be the first to apply!




