Position Summary
The Principal Engineer, Cyber Incident Response, will serve as a senior technical expert within the global Cyber Defense team. This role is responsible for leading complex investigations, advancing detection and response capabilities, and providing deep technical expertise during major incidents. The Principal Engineer will collaborate closely with global SOC teams, threat intelligence, vulnerability management, and forensics functions to contain, investigate, and eradicate cyber threats. This position requires advanced technical skills in incident response, threat hunting, malware analysis, and forensic investigations, as well as the ability to influence security architecture and detection engineering across the enterprise.
Primary Duties and Responsibilities
- Lead technical response and investigation of complex and high-severity security incidents, including advanced persistent threats, ransomware, and insider activity.
- Provide hands-on expertise in forensic analysis, malware reverse engineering, and threat hunting across endpoints, networks, and cloud environments.
- Develop and refine incident response playbooks, detection rules, and automation to improve SOC efficiency and response times.
- Partner with engineering teams to design and implement resilient detection and response capabilities across SIEM, EDR, SOAR, and cloud platforms.
- Mentor and provide technical guidance to SOC analysts, incident responders, and engineering teams.
- Collaborate with threat intelligence teams to translate threat actor tactics, techniques, and procedures (TTPs) into actionable detection and response strategies.
- Serve as a technical escalation point during major incidents and contribute to root cause analysis and lessons learned reporting.
- Contribute to red/blue/purple team exercises to validate detection and response effectiveness.
- Provide input on security architecture, tooling enhancements, and emerging technologies to strengthen enterprise cyber defense.
What your background should look like
Education and Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent work experience; Master's degree preferred.
- Advanced knowledge of incident response methodologies, digital forensics, malware analysis, and adversary simulation.
- Familiarity with industry frameworks such as NIST, MITRE ATT&CK, and ISO 27035.
Preferred Certifications
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Certified Forensic Analyst (GCFA)
- Offensive Security Certified Professional (OSCP)
- Certified Information Systems Security Professional (CISSP) or equivalent senior-level certification a plus
Work Experience
- 10+ years of progressive experience in cybersecurity, with at least 7 years focused on incident response, threat hunting, or forensic investigations.
- Demonstrated expertise in analyzing and responding to advanced cyber threats in large enterprise environments.
- Hands-on experience with SIEM, EDR, SOAR, and forensic tools (e.g., Splunk, CrowdStrike, EnCase, Magnet, Wireshark).
- Experience with malware reverse engineering, memory forensics, and scripting/automation (Python, PowerShell).
- Proven ability to serve as a technical authority and mentor within a global SOC or incident response team.
- Strong communication skills, with the ability to clearly present complex technical findings to both technical and executive stakeholders.
Schedule
Full time
What the Team is Saying
Similar Jobs
What We Do
Cencora is a leading pharmaceutical solutions organization centered on improving the lives of people and animals everywhere. With 46,000+ global team members, we have the opportunity to make a positive impact on healthcare in communities everywhere. Our team members are empowered to activate their careers through a collective of tools and resources designed to support individual career interests and aspirations. We value our listening culture that actions real outcomes and our team members appreciate and recognize one another for contributions that are making a meaningful global impact. No matter what your role is here, the work we do together has meaning. When you join our team, you become a crucial part of a greater purpose. We’re committed to supporting you personally and professionally, so we can achieve more together at the center of health. Protect yourself from job scams: Recruitment scams are on the rise. To protect yourself, we urge you to be vigilant and follow these guidelines > https://careers.cencora.com/us/en/job-scams
Gallery
Cencora Teams
Cencora Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
