Principal Engineer - Cyber Incident Response

The Principal Engineer, Cyber Incident Response, will serve as a senior technical expert within the global Cyber Defense team. This role is responsible for leading complex investigations, advancing detection and response capabilities, and providing deep technical expertise during major incidents. The Principal Engineer will collaborate closely with global SOC teams, threat intelligence, vulnerability management, and forensics functions to contain, investigate, and eradicate cyber threats. This position requires advanced technical skills in incident response, threat hunting, malware analysis, and forensic investigations, as well as the ability to influence security architecture and detection engineering across the enterprise.

• Lead technical response and investigation of complex and high-severity security incidents, including advanced persistent threats, ransomware, and insider activity.

• Provide hands-on expertise in forensic analysis, malware reverse engineering, and threat hunting across endpoints, networks, and cloud environments.

• Develop and refine incident response playbooks, detection rules, and automation to improve SOC efficiency and response times.

• Partner with engineering teams to design and implement resilient detection and response capabilities across SIEM, EDR, SOAR, and cloud platforms.

• Mentor and provide technical guidance to SOC analysts, incident responders, and engineering teams.

• Collaborate with threat intelligence teams to translate threat actor tactics, techniques, and procedures (TTPs) into actionable detection and response strategies.

• Serve as a technical escalation point during major incidents and contribute to root cause analysis and lessons learned reporting.

• Contribute to red/blue/purple team exercises to validate detection and response effectiveness.

• Provide input on security architecture, tooling enhancements, and emerging technologies to strengthen enterprise cyber defense.

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent work experience; Master's degree preferred.

• Advanced knowledge of incident response methodologies, digital forensics, malware analysis, and adversary simulation.

• Familiarity with industry frameworks such as NIST, MITRE ATT&CK, and ISO 27035.

• GIAC Certified Incident Handler (GCIH)

• GIAC Certified Intrusion Analyst (GCIA)

• GIAC Reverse Engineering Malware (GREM)

• GIAC Certified Forensic Analyst (GCFA)

• Offensive Security Certified Professional (OSCP)

• Certified Information Systems Security Professional (CISSP) or equivalent senior-level certification a plus

• 10+ years of progressive experience in cybersecurity, with at least 7 years focused on incident response, threat hunting, or forensic investigations.

• Demonstrated expertise in analyzing and responding to advanced cyber threats in large enterprise environments.

• Hands-on experience with SIEM, EDR, SOAR, and forensic tools (e.g., Splunk, CrowdStrike, EnCase, Magnet, Wireshark).

• Experience with malware reverse engineering, memory forensics, and scripting/automation (Python, PowerShell).

• Proven ability to serve as a technical authority and mentor within a global SOC or incident response team.

• Strong communication skills, with the ability to clearly present complex technical findings to both technical and executive stakeholders.

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned