Position: Incident Response Analyst

Job Summary: The Incident Response Analyst in the Cyber Department plays a critical role in identifying, analyzing, and mitigating security incidents that could compromise the organization’s systems, data, or operations. This position requires a deep understanding of security best practices, strong technical skills, and the ability to respond effectively to incidents in a timely and efficient manner.

Key Responsibilities:

Incident Detection and Analysis

• Monitor and analyze security alerts and logs across various platforms to identify suspicious activities and potential security incidents.
• Utilize threat intelligence and detection tools to assess potential threats and vulnerabilities.
• Investigate incidents by gathering relevant artifacts and logs, assessing the severity, and conducting root-cause analysis.

Incident Response and Mitigation

• Execute incident response protocols to contain and mitigate the impact of security breaches.
• Coordinate with cross-functional teams to remediate incidents, ensuring minimal operational disruption.
• Conduct post-incident analyses to identify improvement areas and enhance future responses.

Digital Forensics and Threat Hunting

• Apply Digital Forensics and Incident Response (DFIR) techniques to investigate incidents thoroughly.
• Conduct proactive threat-hunting activities to detect suspicious behavior and indicators of compromise.
• Preserve the integrity of digital evidence in accordance with legal and regulatory standards.

Documentation and Reporting

• Document all steps of the incident response process, from initial detection to resolution, ensuring accuracy and thoroughness.
• Prepare detailed reports for internal stakeholders and relevant compliance and regulatory bodies.
• Participate in incident post-mortems to improve incident response processes and tools.

Qualifications:

• Experience: 3–5 years of experience in Digital Forensics and Incident Response (DFIR).
• Education: Bachelor’s degree in Information Security, Computer Science, or a related field is preferred.
• Certifications: Relevant certifications, such as GCIH, GCFA, GNFA, or CEH, are highly desirable.
• Technical Skills:
• Proficiency with SIEM tools, EDR solutions, and forensic analysis tools.
• Strong understanding of network protocols, log analysis, and threat intelligence.
• Familiarity with scripting languages (e.g., Python, PowerShell) to automate analysis and reporting.

Key Competencies:

• Excellent problem-solving skills with the ability to remain calm under pressure.
• Strong attention to detail and analytical mindset.
• Effective communication skills, able to convey complex technical information to non-technical stakeholders.
• Ability to work independently and as part of a team, with a proactive approach to incident management.