Acrisure

Senior Security Incident Response Engineer

Reposted 13 Hours Ago
In-Office
3 Locations
Senior level
Lead advanced security incident response efforts focusing on Microsoft E5 security capabilities, handling incident detection, analysis, and remediation while promoting proactive security measures across the enterprise.
The summary above was generated by AI

About Acrisure

A global fintech leader, Acrisure empowers millions of ambitious businesses and individuals with the right solutions to grow boldly forward. Bringing cutting-edge technology and top-tier human support together, we connect clients with customized solutions across a range of insurance, reinsurance, payroll, benefits, cybersecurity, mortgage services – and more.

In the last eleven years, Acrisure has grown in revenue from $38 million to almost $5 billion and employs over 19,000 colleagues in more than 20 countries. Our culture is defined by our entrepreneurial spirit and all that comes with it: innovation, client centricity and an indomitable will to win.

Job Summary:

The Senior Incident Response Engineer will lead advanced security incident response efforts, focusing on Microsoft E5 security capabilities and Data Loss Prevention (DLP). This role combines technical expertise with leadership responsibilities, ensuring robust detection, containment, and remediation of threats while driving proactive security measures across the enterprise.

Responsibilities:

Incident Response:

  • Detect, analyze, and respond to security incidents detected by EDR, SIEM, and Cloud Security tooling as well as MDR service providers.
  • Lead post-incident reviews and drive process improvements.
  • Perform advanced threat hunting using Microsoft Defender and related tools.
  • Integrate threat intelligence and adapt detection strategies based on real world threats observed by the organization.
  • Conduct forensic data acquisition, log analysis, and root cause determination for endpoint incidents.
  • Develop and maintain incident response playbooks and runbooks across the security operations toolset.
  • Collaborate with analysts and other IR engineers to identify opportunities for improvement and tuning of detection rules.
  • Collaborate with IT, legal, HR, communications, and other business units.

Microsoft Security & Policy Design:

  • Collaborate on the design, implementation, and maintenance of security policies for Microsoft security components, including:
    • Defender for Endpoint
    • Defender for Cloud Apps
    • Microsoft Purview DLP
    • Intune
    • Conditional Access & Information Protection
  • Regularly review and update policies based on evolving threats and lessons learned.
  • Collaborate with compliance and IT teams to enforce security standards and regulatory requirements.

Requirements:

  • Proficiency with Microsoft 365 Security Suite as well as other security tooling such as SentinelOne, Google SecOps, Abnormal Security, and others.
  • Strong experience with incident response, digital forensics, and threat hunting across a hybrid environment.
  • Knowledge of endpoint operating systems (Windows, macOS, and Linux).
  • Experience with cloud environments such as Azure, AWS, and GCP.
  • Experience with scripting (PowerShell, Python, or Bash) for automation and log parsing desired.
  • Embrace a metric-driven approach to continuous improvement.
  • Excellent analytical and critical thinking skills; ability to work in high-pressure situations.
  • Effective verbal and written communication abilities.
  • Meticulous with strong organizational skills and the ability to handle multiple priorities.
  • Ability to work independently and within a collaborative, team-oriented environment.

Education and Experience:

  • Minimum 5 years of progressive information security experience.
  • At least 4 years focused on incident response, including investigations across different security domains (endpoint, application, DLP, and more).
  • Expertise in Infrastructure Security: In-depth understanding of infrastructure security, including Windows, Active Directory, Unix/Linux, Mobile Security, and Privileged Access Management. 
  • Relevant certifications (one or more preferred): GCFA, GCIH, CHFI, CySA+, MS SC-200, MS SC-400 or similar.

Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.


Why Join Us:

At Acrisure, we’re building more than a business, we’re building a community where people can grow, thrive, and make an impact. Our benefits are designed to support every dimension of your life, from your health and finances to your family and future.

Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children's Hospital in Grand Rapids, Michigan, UPMC Children's Hospital in Pittsburgh, Pennsylvania and Blythedale Children's Hospital in Valhalla, New York.


Employee Benefits

We also offer our employees a comprehensive suite of benefits and perks, including:

  • Physical Wellness: Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.

  • Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.

  • Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.

  • Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.

  • … and so much more!

This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.


Acrisure is an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, religion, sex, national origin, disability, or protected veteran status. Applicants may request reasonable accommodation by contacting [email protected].


California Residents: Learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy.


Recruitment Fraud: Please visit here to learn more about our Recruitment Fraud Notice.


Welcome, your new opportunity awaits you.

Top Skills

AWS
Azure
Bash
GCP
Google SecOps
Microsoft 365 Security Suite
PowerShell
Python
SentinelOne


