All roles

Open role

Cybersecurity Engineer - Incident Response & Threat Detection

Remote · Norway Full-time

Job Description

Fragomen, an AmLaw 100 Firm and the leading global immigration services provider, is seeking a Cyber Security Engineer with strong experience in Incident Response, digital forensics, and threat detection to join our Information Security & Cyber Security team. Our industry-leading, immigration-specific technology and infrastructure is undergoing significant transformation, and security is critical to its success. We are seeking a professional who is passionate about protecting the organization, capable of leading response efforts during security incidents, and eager to mature enterprise-wide incident detection, investigation, and response capabilities. You will join a team of security engineers who make security a differentiator in our technology offerings. The successful candidate will play a key role in detecting, investigating, containing, and remediating cyber incidents, while helping to strengthen Fragomen’s overall security posture. How Will You Make a Difference at Fragomen? As a Security Engineer focused on Incident Response, you will: Lead and support end-to-end incident response activities, including detection, analysis, containment, eradication, and recovery. Monitor, investigate, and correlate security alerts using SIEM, EDR, and forensic tools. Perform digital forensic investigations across endpoints, servers, cloud, and network environments. Triage and escalate security events in accordance with established incident response procedures. Develop, maintain, and continuously improve incident response playbooks, SOPs, and workflows. Improve alert quality and response effectiveness through root cause analysis and post-incident reviews. Partner with IT, Legal, Compliance, Privacy, and Risk teams during security incidents. Support regulatory, legal, and client-driven incident response and reporting requirements. Participate in and facilitate incident response tabletop exercises and simulations. Contribute to the design and enhancement of detection, logging, and monitoring capabilities. Provide technical guidance and mentorship to junior analysts and security team members. Required Qualifications 1+ years of experience in cybersecurity, incident response, or security operations. Hands-on experience responding to security incidents in enterprise environments. Strong ability to analyze security events and perform technical investigations. Working knowledge of:TCP/IP, DNS, HTTP/S, VPNs, firewalls, and proxy technologies Windows and Linux operating systems Identity and access systems and authentication mechanisms Experience using SIEM and security platforms such as:Splunk, Microsoft Sentinel, QRadar, ArcSight, ELK, or similar Ability to identify and respond to:Phishing and business email compromise Malware and ransomware Credential compromise Lateral movement and persistence mechanisms Brute-force and privilege escalation attacks Strong written and verbal communication skills, especially during high-pressure incidents. Demonstrated ability to follow structured processes while continuously improving them.

Preferred Qualifications

Experience with EDR, SOAR, and forensic tooling (e.g., CrowdStrike, Defender, Carbon Black, EnCase, Velociraptor, etc.). Experience supporting investigations involving legal, compliance, or regulatory stakeholders. Knowledge of MITRE ATT&CK and modern adversary tactics. Experience with cloud and SaaS incident response (Azure, M365, AWS, etc.). Relevant certifications, including:GIAC (GCIH, GCFA, GCIA) Offensive Security (OSCP, OSCE, OSEE) Vendor certifications (Splunk, Sentinel, CrowdStrike, etc.) All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position’s location, and conducting a comprehensive background check, where permitted by local regulations. We use limited AI‑assisted tools for administrative screening purposes only - never for decision‑making. All hiring decisions are made by people. Applicants may have rights to information and explanations regarding the use of such tools, or request human review, as required by applicable regional laws.

More open positions

Maintenance Technician

Work from home Full-time role

Principal Consultant - Python

Work from home Full-time role

Principal Consultant - Agentic AI Engg.

Work from home Full-time role

Lead Consultant - Java Developer

Work from home Full-time role

Partner Compensation Operations Process Improvement Leader

Work from home Full-time role

K-5 Social Studies Curriculum Writer

Work from home Full-time role

Help Desk Specialist II

Work from home Full-time role

Careercusp Join Concentrix Work From Home: Remote Opportunities

Work from home Full-time role

careerzynith Remote Live Chat Support Specialist – Part‑Time, Work‑From‑Home Customer Service Role

Work from home Full-time role

Regional Sales Director, Australia (Enterprise)

Work from home Full-time role

Equity Research Associate - BioTech

Work from home Full-time role

Clinical Research Associate New United States - Remote

Work from home Full-time role

Associate Solution Consultant (Remote)

Work from home Full-time role

Clinical Research Associate II (FSP)-CART-郑州

Work from home Full-time role

Data Entry Analyst – Urgent Hiring – Advanced Data Management, Quantitative Insight & Business Decision Support Specialist

Work from home Full-time role

Dream Job - People & Culture, Management, & Executive Leadership

Work from home Full-time role

Manager of Fixed Asset Accounting and Capital Planning

Work from home Full-time role

Remote Solar Sales Consultant - Empower Your Career with SecureMyPower

Work from home Full-time role

Account Services Representative - Remote

Work from home Full-time role

Content Marketing Manager (6 Month Contract)

Work from home Full-time role

Interim Finance Consultant – Cash Flow & Forecasting

Work from home Full-time role