• Support the investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery.
• Collaborate in the development and refinement of incident response processes, playbooks, and workflows to enhance efficiency and consistency.
• Perform initial analysis of security events, log data, and alerts to identify potential threats and determine the scope of incidents.
• Work closely with other Cyber Defense teams, including SOC, Threat Hunting, and CTI, to ensure seamless information sharing and coordination during incidents.
• Document incidents thoroughly and prepare post-incident reports, including root cause analysis and recommendations for improvement.
• Monitor emerging threats, vulnerabilities, and attack trends to enhance incident detection and response capabilities.
• Ensure all incident-handling activities comply with applicable regulations and internal policies.
• Participate in root cause analysis and post-incident review meetings to ensure lessons learned are applied to future incidents.
• Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes.
• Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
• Assist in developing and fine-tuning automation scripts and workflows to enhance incident detection and response efficiency.
• Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
• Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.
• Maintain up-to-date records of all incident handling activities in incident management systems, ensuring alignment with internal policies and audit requirements
  
  

• Minimum 3 years of experience in incident response, with a strong understanding of cybersecurity principles, frameworks, and tools.
• Proficient in forensic analysis, malware analysis, and network traffic analysis. Experience with SIEM tools, EDR platforms, and threat intelligence integration is essential.
• Proven ability to deal with high-stakes security incidents and coordinate cross-functional teams effectively.
• Good understanding of MITRE ATT&CK, cyber kill chain, and incident response methodologies.
• Exceptional verbal and written communication skills, with the ability to convey complex technical concepts to non-technical audiences, including executives.
• Industry certifications such as CISSP, GCIH, GCFA, or CISM are good to have.
• Experience with platforms like Sentinel, Splunk, Carbon Black, or similar technologies.
• A proactive and decisive mindset with the ability to operate under pressure.
• Strong analytical and problem-solving skills to make informed decisions in complex situations.
• Collaborative and adaptable, with a passion for mentoring and developing team members.
  
  

Please refer to job description.