This role provides leadership and expertise in advanced cyber incident response, forensic investigations, and security operations automation. The position is responsible for investigating and coordinating responses to cybersecurity incidents, including malware infections, data exfiltration, denial-of-service attacks, insider threats, and other security breaches.

The role works closely with the Security Operations Center (SOC) to triage, investigate, and respond to security alerts, leveraging automation and orchestration to improve response speed and consistency. This individual collaborates with cross-functional teams across IT, network engineering, vulnerability management, and threat intelligence to identify root causes, implement remediation actions, and strengthen the organization's overall security posture.

Additionally, the role supports the development and continuous improvement of incident response processes, detection capabilities, and SOAR playbooks to enhance operational efficiency and reduce response times.

Responsibilities

• Develop, maintain, and improve enterprise incident response plans, procedures, and playbooks aligned with industry frameworks (NIST, MITRE ATT&CK, etc.).
• Lead and coordinate investigation and response activities for cybersecurity incidents including malware, phishing, ransomware, insider threats, and data breaches.
• Work closely with the SOC to triage and investigate alerts, determine incident severity, and drive appropriate response actions.
• Design, develop, and maintain SOAR playbooks and automation workflows to streamline security operations and improve incident response efficiency.
• Conduct in-depth forensic investigations across endpoints, networks, cloud environments, and logs to determine root cause, scope, and impact of incidents.
• Partner with threat intelligence teams to incorporate indicators of compromise (IOCs), threat actor tactics, techniques, and procedures (TTPs), and emerging threats into detection and response workflows.
• Collaborate with engineering, infrastructure, and application teams to implement remediation strategies and preventive controls to reduce future risk.
• Support detection engineering efforts by identifying gaps in security monitoring and helping develop improved alerting and detection capabilities.
• Assist with containment, eradication, and recovery activities following security incidents, ensuring systems and services are restored securely.
• Lead post-incident reviews and root cause analysis to identify lessons learned and drive improvements to detection, response processes, and security architecture.
• Produce clear incident reports and executive summaries for leadership and stakeholders, including recommended improvements.
• Act as a primary point of coordination with internal stakeholders, third-party partners, legal teams, and external agencies when required.
• Monitor emerging threats, vulnerabilities, and attacker techniques to proactively improve detection and response capabilities.
• Partner with vulnerability management and security engineering teams to proactively address security gaps identified during investigations.
• Continuously improve SOC and incident response operations through metrics, automation, and operational maturity initiatives.

Qualifications/ preferred skills

• Experience with SIEM platforms (Splunk, Sentinel, QRadar, etc.)
• Experience with SOAR platforms (XSOAR, Tines, Swimlane, etc.)
• Endpoint detection and response (EDR/XDR) technologies
• Digital forensics and incident response (DFIR) methodologies
• MITRE ATT&CK framework familiarity
• Threat hunting and detection engineering experience
• Scripting or automation experience (Python, PowerShell, APIs)

The anticipated base salary for this position is $120,800-$151,000. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position.

Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.

SPE will consider qualified applicants with arrest or conviction records in accordance with applicable law.

To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.