Incident Responder

About this role

Responsibilities

• Independently handle incident case investigations and drive to full remediation, including triage, analysis, containment and remediation.
• Assess the impact and risk of incidents, make evidence-based decisions and take appropriate actions according to defined procedures and best practice.
• Utilize various security tools and technologies to detect, investigate, contain, remediate and document cyber threats.
• Communicate and collaborate with other teams, including business liaisons, to ensure proper prioritization and resolution of incident cases.
• Contribute to the development and enhancement of security monitoring and detection capabilities by improving detection logic, filtering, aggregation and automation.
• Actively build and improve team’s knowledgebase and standard procedures.
• Support, assist and provide feedback to junior colleagues.
• Actively participate in development projects building functionality required by incident response team.
• Stay up to date with the latest security trends, attack techniques, vulnerabilities, and best practices.

Requirements

• Previous experience of at least 3 years in a cyber security operations role (SOC, incident response, digital forensics, DLP, threat hunting or similar).
• Strong understanding of computer networks, operating systems, security tools, log types/sources, and attack vectors.
• Hands-on experience with some of the industry standard security tools (in categories like EDR, SIEM, MDM, identity management, sandboxes, proxies, firewalls, PAM).
• Comprehensive knowledge of procedures for security monitoring, incident investigation, incident response, and remediation methodologies.
• Investigative mindset with excellent analytical and problem-solving skills.
• Scripting skills to solve data processing tasks on ad hoc basis.
• Strong communication skills, both written and verbal. Experience presenting and reporting to senior leadership.
• Knowledge of cloud security concepts and technologies.