Sophos · 3 months ago
Principal Incident Response Engineer
Sophos is a global leader in advanced security solutions, specializing in defeating cyberattacks. They are seeking a Principal Incident Response Engineer to lead the response to major cybersecurity incidents, coordinating with customers and internal teams to ensure a secure recovery of business operations.
Cloud Security, Cyber Security, Network Security, Software
Responsibilities
Serve as a trusted advisor and subject matter expert to customers, and guide customers' senior leadership through managing the business impacts and risk mitigation associated with a cyber incident or data breach, ensuring customer satisfaction
Act as the incident commander in specific engagements and lead company remediation functions coordinating with IR and Threat Intelligence delivery teams to handle inquiries, briefings, and customer-facing status reports in a variety of formats
Develop incident response containment plans and remediation strategies; present strategic and tactical plans both orally and in written reports for customers and all involved third parties
Execute and enhance incident command and remediation workflows, ensuring that defined standards are suitable to support multiple IR service delivery teams for cyber incidents ranging from single system compromises to full network intrusions and crisis events
Participate in customer outreach and service delivery checkpoint efforts for enterprise tier and incident management retainer customers
Participate in the technical peer review process for cyber incident response and threat hunting engagement deliverables
Coordinate with IR and Threat Intelligence delivery teams to handle inquiries, briefings, and customer-facing status reports in a variety of formats
Deliver Proactive/Readiness engagements and lead customers in the improvement of their cyber security programs
Be a champion of Incident Response and Advisory services through thought leadership, speaking opportunities, and industry events
Qualifications
Required
Ability to travel on short notice, up to 25%
10+ years of experience in cybersecurity operations, with 3+ years leading incident response teams
Strong executive communication skills (oral and written), including experience briefing senior leadership and customers during high-pressure situations
Deep understanding of cyber threat actor tactics, techniques, and procedures (TTPs) with ability to design and deliver customized remediation plans
Project/program management experience (minimum 3 years) coordinating cross-functional technical teams
Bachelor's degree in a technology or cybersecurity discipline, or 5+ years of equivalent documented experience in relevant roles
Cybersecurity leadership background as a senior security executive or consulting leader in incident response
Direct experience managing and conducting IR investigations involving nation-state, organized crime, or hacktivist actors
Track record of mentoring and leading technical teams in high-stakes environments
Demonstrated success in building IR business and customer relationships
Knowledge of international data privacy regulations and cybersecurity compliance frameworks
Preferred
Professional certifications strongly preferred (e.g., CISSP, CISA, CISM, GCFE)
Military or law enforcement service with exposure to large-scale cybercrime cases or cyber defense operations
Benefits
Employee-led diversity and inclusion networks that build community and provide education and advocacy
Annual charity and fundraising initiatives and volunteer days for employees to support local communities
Global employee sustainability initiatives to reduce our environmental footprint
Global fitness and trivia competitions to keep our bodies and minds sharp
Global wellbeing days for employees to relax and recharge
Monthly wellbeing webinars and training to support employee health and wellbeing
Company
Sophos
Sophos develops network security and threat management products to protect organizations against malicious acts.
Funding
Current Stage
Public Company
Total Funding
$125.01M
2021-08-24 Post IPO Equity · $65.23M
2019-10-14 Acquired
2015-06-26 IPO
Company data provided by Crunchbase