This job is expired.

Principal Security Engineer - Cyber Security Incident Response Team

CA
Full-Time

Job Description

Genesys empowers organizations of all sizes to improve loyalty and business outcomes by creating the best experiences for their customers and employees. Through Genesys Cloud, the AI-powered Experience Orchestration platform, organizations can accelerate growth by delivering empathetic, personalized experiences at scale to drive customer loyalty, workforce engagement, efficiency and operational improvements.

We employ more than 6,000 people across the globe who embrace empathy and cultivate collaboration to succeed. And, while we offer great benefits and perks like larger tech companies, our employees have the independence to make a larger impact on the company and take ownership of their work. Join the team and create the future of customer experience together.

Job Title: Principal Security Engineer - Cyber Security Incident Response Team

Department & Team: Information Security
Location: Remote within US

The Principal Security Engineer – Cyber Security Incident Response Team leads strategic and high-impact incident response initiatives, providing expert-level guidance in digital forensics, malware analysis, threat hunting, and SIEM operations across on-prem and cloud environments. This role requires deep technical proficiency, leadership in complex investigations, and the ability to influence stakeholders at all levels while mentoring junior staff and driving operational maturity. Ideal candidates will bring extensive hands-on experience with adversary tactics, automation, and cross-functional collaboration, while also shaping enterprise-wide detection and response.


The Principal Security Engineer – Cyber Security Incident Response Team leads the investigation, containment, and remediation of complex cyber threats, leveraging deep expertise in incident response, digital forensics, malware analysis, and SIEM operations across cloud and on-prem environments.

Key Responsibilities:

  • Implements strategic goals established by functional leadership and creates operational plans to achieve these goals.
  • Works on significant issues that require conceptual thinking and understanding to solve.
  • Creates networks with both senior leaders and junior individual contributors, providing thought leadership for the organization in their specific area.
  • Responsible for managing project initiatives of strategic importance to the organization.
  • Implements strategic plans established by functional leadership to achieve operational and/or commercial goals. Establishes approaches and tactics to achieve these goals, with a short- to medium-term impact. Leads and contributes to the development of organizational objectives and principles to achieve goals in creative and effective ways.
  • Works on significant and unique issues where analysis of situations or data requires an evaluation of broadly-defined variables. Requires conceptual thinking to comprehend the complex problems and their implications. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results. Accountable for results, which may impact their entire function or geography.
  • Creates formal networks involving coordination among groups, including senior leaders and junior individual contributors. Focuses on providing thought leadership and works on broader organization projects, which require an understanding of the wider business. Requires conveying advanced information and persuading several diverse internal and external stakeholders/audiences, including clients and/or vendors. Recognized internally as a subject matter expert and may direct the activities of others.
  • Frequently responsible for providing guidance, coaching and training to other employees across the Company within area of expertise.
  • Typically responsible for managing project initiatives of strategic importance to the organization, which may involve cross-functional teams. May be assigned with and lead direct reports, but generally fewer than three and without headcount/budget ownership.


Minimum Requirements:

  • Length of Experience: A minimum of 4 years of related experience with a Bachelor’s degree, 8 years and a Master’s degree with 12+ years of experience or equivalent. Barriers to entry may require committee/functional leadership review.
  • Extensive Incident Response Experience: Demonstrated expertise in managing complex security incidents from detection through remediation with the ability to lead technical investigations, develop containment strategies, and execute eradication plans.
  • Digital Forensics: Extensive experience with forensic acquisition and analysis of endpoints, memory, and network traffic, and use of tools such as EnCase, FTK, or open-source forensics tools.
  • Deep Knowledge of Security Technologies: Familiarity with EDR, SIEM, SOAR, forensic tools, and packet capture analysis, with a strong understanding of endpoint and network-based detection methods.
  • Operational Proficiency with SIEM Tools: Ability to query, analyze, and correlate security events across diverse log sources, with experience creating and tuning detection rules, alerts, and dashboards.
  • Familiarity with incident triage workflows and log normalization within a SIEM.
  • Malware Analysis & Threat Hunting: Capability to analyze malware behavior (both static and dynamic analysis), and a strong background in threat hunting using indicators of compromise (IOCs), TTPs, and behavioral patterns.
  • Scripting and Automation Skills: Proficiency in scripting languages such as Python, PowerShell, or Bash, and the ability to automate incident response tasks and develop custom tools.
  • Understanding of Adversary Tactics (MITRE ATT&CK): Possess an in-depth knowledge of attacker lifecycle, persistence mechanisms, lateral movement, and privilege escalation.
  • Cloud Security Experience: Familiarity with security operations in cloud environments (e.g., AWS, Azure, O365) and experience investigating cloud-based threats and misconfigurations.
  • Compliance and Regulatory Knowledge: Understanding of relevant compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).
  • Communication and Reporting: Strong written and verbal communication skills for executive and technical reporting, with the ability to build or customize playbooks and automated response workflows.
  • Leadership: Experience briefing leadership during high-impact incidents, with the ability to coordinate across teams during incidents (Legal, IT, Communications), with demonstrated leadership in high-pressure environments.
  • Non-Standard Work Hours Mandatory: Required to work non-standard business hours, including evenings, weekends, and holidays, as needed to respond to high-priority cyber threats and security incidents in a timely manner. There is no overtime pay associated with non-standard work hours.


Desirable Skills:

  • Advanced threat intelligence and third-party investigations.
  • Proficiency with tools like IDA Pro, Ghidra, or OllyDbg to reverse malware binaries.
  • Familiarity with offensive security techniques and how adversaries operate.
  • Experience designing or participating in simulations to improve detection and response.
  • Knowledge of secure network architecture, segmentation, and access controls.
  • Ability to advise on hardening infrastructure post-incident.
  • Familiarity with breach notification procedures for GDPR, CCPA, etc.


Compensation:

This role has a market-competitive salary with an anticipated base compensation range listed below. Actual salaries will vary depending on a candidate’s experience, qualifications, skills, and location. This role might also be eligible for a commission or performance-based bonus opportunities.

$132,300.00 - $245,700.00

Benefits:

  • Medical, Dental, and Vision Insurance.

  • Telehealth coverage

  • Flexible work schedules and work from home opportunities

  • Development and career growth opportunities

  • Open Time Off in addition to 10 paid holidays

  • 401(k) matching program

  • Adoption Assistance

  • Fertility treatments

More details about our company benefits can be found at the following link: https://mygenesysbenefits.com

If a Genesys employee referred you, please use the link they sent you to apply.

About Genesys:

Genesys empowers more than 8,000 organizations in over 100 countries to improve loyalty and business outcomes by creating the best experiences for their customers and employees. Through Genesys Cloud, the AI-powered Experience Orchestration platform, Genesys delivers the future of CX to organizations of all sizes so they can provide empathetic, personalized experience at scale. As the trusted platform that is born in the cloud, Genesys Cloud helps organizations accelerate growth by enabling them to differentiate with the right customer experience at the right time, while driving stronger workforce engagement, efficiency and operational improvements. Visit www.genesys.com.

Reasonable Accommodations:

If you require a reasonable accommodation to complete any part of the application process or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you or someone you know may reach out to HR@genesys.com. You can expect a response from someone within 24-48 hours. To ensure we set you up with the best reasonable accommodation, please provide them the following information: first and last name, country of residence, the job ID(s) or (titles) of the positions you would like to apply, and the specific reasonable accommodation(s) or modification(s) you are requesting.

This email is designed to assist job seekers who seek reasonable accommodation for the application process. Messages sent for non-accommodation-related issues, such as following up on an application or submitting a resume, may not receive a response.

Genesys is an equal opportunity employer committed to fairness in the workplace. We evaluate qualified applicants without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, marital status, domestic partner status, national origin, genetics, disability, military and veteran status, and other protected characteristics.

Please note that recruiters will never ask for sensitive personal or financial information during the application phase.


About Genesys

Every year, Genesys® orchestrates more than 70 billion remarkable customer experiences for organizations in more than 100 countries. Through the power of our cloud, digital and AI technologies, organizations can realize Experience as a Service℠, our vision for empathetic customer experiences at scale. With Genesys, organizations have the power to deliver proactive, predictive, and hyper personalized experiences to deepen their customer connection across every marketing, sales, and service moment on any channel, while also improving employee productivity and engagement. By transforming back-office technology to a modern revenue velocity engine Genesys enables true intimacy at scale to foster customer trust and loyalty.


Genesys recruiters will never ask for sensitive personal or financial information during the application phase. Initial inquiries might come through LinkedIn, but all communication thereafter is through an official Genesys portal. Continue to stay alert and safe.

Principal Security Engineer - Cyber Security Incident Response Team
Genesys
CA
Jun 3, 2025
Full-time
©2025 International Association of Women.
Powered by TalentAlly.