About the Role
The Incident Response Analyst is responsible for detecting, investigating, and responding to cybersecurity incidents across the organization’s IT and OT environments. This role is critical in protecting sensitive data, minimizing the impact of cyber threats, and strengthening the organization’s overall security posture. The analyst will work closely with other cybersecurity teams, providing real-time monitoring, analysis, and actionable intelligence to mitigate risks and prevent future incidents.
What you will do
Key Responsibilities
Monitor and analyze alerts from SIEM, EDR, IDS/IPS, and other security tools to detect potential threats or anomalous activities.
Perform triage, classification, and initial response for security events to determine severity and potential business impact.
Investigate security incidents, performing root cause analysis and identifying indicators of compromise (IOCs) and attacker tactics, techniques, and procedures (TTPs).
Contain, eradicate, and recover from security incidents in coordination with IT, network, and application teams.
Document and maintain accurate incident records, timelines, and investigative findings.
Support digital forensics activities and evidence preservation during investigations.
Collaborate with threat intelligence teams to analyze and share information on emerging threats and vulnerabilities.
Participate in post-incident reviews to identify gaps, lessons learned, and opportunities to enhance response processes.
Assist in the development and tuning of detection rules, response playbooks, and automated workflows.
Stay updated on current cyber threats, attack techniques, and security technologies to continuously improve response capabilities.
What we are looking for
Required Qualifications
Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field; or equivalent hands-on experience.
1–3 years of experience in incident response, SOC operations, or cybersecurity analysis.
Familiarity with SIEM platforms (Splunk, QRadar, Sentinel, etc.) and endpoint security tools (CrowdStrike, Carbon Black, Defender, etc.).
Strong understanding of operating systems, networking protocols, and security frameworks.
Ability to analyze logs, packet captures, and alerts to identify malicious activity.
Knowledge of common threat actor TTPs and frameworks such as MITRE ATT&CK.
Strong problem-solving and analytical skills with attention to detail.
Excellent communication skills for collaboration and reporting findings to technical and non-technical stakeholders.
Preferred Qualifications
Industry certifications such as GCIH, GCIA, CEH, Security+, CySA+, or ECIH.
Experience with scripting or automation (Python, PowerShell, Bash) to streamline analysis and response processes.
Familiarity with cloud environments (AWS, Azure, GCP) and cloud security principles.
Exposure to threat hunting methodologies or purple teaming exercises.
Experience in incident response for regulated industries such as finance, healthcare, or government.