Cybersecurity Incident Response Specialist at The Brattle Group Inc
Boston, MA 02108, USA
Full Time


Start Date: Immediate
Expiry Date: 28 Nov, 25
Salary: 115000.0
Posted On: 28 Aug, 25
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT

Description

The Brattle Group, a privately held, global economics consulting firm, is looking for a Cybersecurity Incident Response Specialist to join our Boston, MA office. The Cybersecurity Incident Response Specialist (IRS) is responsible for identifying, containing, and mitigating cybersecurity incidents that impact the firm’s infrastructure, systems, or data. Reporting to the Manager of Cybersecurity, the IRS plays a key role in defending the enterprise against malicious activity by leading real-time response efforts and proactively improving detection and containment capabilities.

Responsibilities
  • Monitor SIEM and other security tools for abnormal activity and triage alerts in real time.
  • Lead investigation and containment of security incidents involving malware, phishing, data leakage, unauthorized access, and system compromise.
  • Perform forensic analysis on compromised endpoints and servers to identify root causes and indicators of compromise (IOCs).
  • Develop, refine, and implement incident response playbooks for different threat scenarios.
  • Provide detailed documentation and post-incident reporting, including lessons learned and remediation strategies.
  • Coordinate with IT and Legal teams on incident disclosure and evidence preservation.
  • Continuously evaluate incident response tools and techniques for improvement.
  • Participate in threat-hunting activities and red/blue team exercises.
  • Perform regular tabletop exercises (TTX) as simulations to test the firm’s ability to respond to cybersecurity incidents.
  • Maintain thorough documentation of incident response procedures and timelines.
  • Assist with updates to business continuity and disaster recovery plans as they relate to cybersecurity events.
  • Support audit and compliance requirements by maintaining evidence of security incidents and actions taken.