What you'll do
Our Global Cyber Security Incident Response and Recovery Analysts are our first line of response for security events and incidents with a global scope. They are responsible for triaging security alerts detected by Enterprise Detection and SIEM, and for analyzing the available data to determine scope, severity, and priority so that follow-on actions can be decided, which could include escalation to an IR Investigator. In escalation cases, they then work in a supportive capacity to further validate whether a cyber-attack is occurring, scope the extent of a suspected attack, coordinate efforts to contain it, support forensic investigations to determine the details of the attack, and provide guidance on remediation actions.
In this role, you will
- Monitor and analyze alerts from a wide array of security devices and systems
- Respond promptly to incidents, analyze them, and provide real-time response
- Create, maintain, and apply incident response playbooks to manage and resolve security incidents effectively
- Contribute to developing root cause analyses with detailed documentation of findings
- Bring good hands-on experience with SIEM, IDS, DNS, and EDR solutions
- Contribute to the development of attack remediation and response strategies
- Coordinate escalation handling and communication across teams
- Bring good experience reading logs from various data sources, including network- and host-based intrusion detection
- Collaborate with Detection and SIEM teams to enhance detection logic and alert accuracy
- Assist in maintaining and improving incident handling documentation, such as playbooks, runbooks, and Standard Operating Procedures
- Work as a hands-on practitioner: our environment includes sandboxing, red vs. blue testing, and adversary emulation frameworks (e.g., MITRE ATT&CK, CALDERA, Atomic Red Team), with opportunities to build tooling or simulate attack chains
- Understand cloud logs and telemetry and review them for signs of compromise
- Apply experience with computer forensics and malware analysis
Preferred Technical Skills and Experience
- 4 to 6+ years in a cyber incident investigation role, or an equivalent combination of education, certifications, and relevant training.
- Certifications: industry-recognized certifications such as Security+, GCIA, GCIH, CISSP (or equivalent).
- Good understanding of Advanced Persistent Threat (APT) actors, their tools, techniques, and procedures (TTPs), as well as threat modelling frameworks.
- Proficiency in TCP/IP communications and knowledge of core network protocols and applications such as DNS, HTTP, and SMB.
- Security infrastructure tools: SIEM, IDS, EDR, DNS, and other deception technologies.
- Proficiency in scripting languages such as PowerShell, Python, or Bash is an added advantage.
- Strong problem-solving skills and the ability to work under pressure.
Successful candidates might be required to undergo a background verification with an external vendor.
AI Usage in the Recruitment Process
For information on the responsible use of AI in our recruitment process, please refer to our
Please note that any violation of these guidelines may result in disqualification from the hiring process.