
Senior Incident Response Specialist, Cyber Security

Company: Cygnify
Job Type: Full Time



Job Description - Senior Incident Response Specialist, Cyber Security

Role Mission

The Senior Analyst – Cyber Security Incident Response is responsible for monitoring, detecting, and analyzing cybersecurity incidents through the Security Operations Centre (SOC) platform. The role supports the end-to-end incident lifecycle — including triage, investigation, containment, and closure — ensuring timely response to security events and maintaining cyber resilience. This role acts as the Level 2 (L2) Incident Responder, bridging SOC analysts and Incident Response management by performing deep technical analysis and coordinating with internal teams for resolution.

Accountabilities:

  • Perform end-to-end incident triage and investigation of security alerts escalated from L1 SOC analysts.
  • Ensure timely incident analysis, containment, and escalation aligned with MTTD and MTTR goals.
  • Support the SIEM platform (Elastic Stack) by fine-tuning existing rules and suggesting new detections.
  • Conduct log analysis and correlation across multiple data sources (network, endpoint, and cloud).
  • Create and maintain incident documentation, reports, and lessons learned.
  • Support incident response playbook execution during containment and recovery phases.
  • Collaborate with IT, network, and application teams for incident remediation and root cause analysis.
  • Provide insights for use case improvements and participate in use case validation and testing.
  • Escalate confirmed incidents to CSIRT / Assistant Manager – Incident Response for further action.
  • Participate in post-incident reviews, contributing to process and detection improvements.
  • Monitor alerts generated from the SOC/SIEM and perform initial to intermediate-level investigations.
  • Review and validate security events from multiple log sources and identify legitimate threats.
  • Perform deep-dive investigations for incidents involving malware, phishing, insider threats, and cloud breaches.
  • Assist in detection rule creation and tuning under the guidance of senior incident responders.
  • Use frameworks like MITRE ATT&CK for mapping and improving detection quality.
  • Conduct threat hunting using Elastic Stack and related tools.
  • Collaborate with MSSP, CSIRT, and IT infrastructure teams to ensure timely incident handling.
  • Support incident response reporting, evidence collection, and documentation for compliance and audit.
  • Contribute to automation opportunities in detection and response workflows.
  • Participate in training sessions, simulations, and tabletop exercises to enhance readiness.
  • Responsible for log source onboarding and for maintaining continuous log availability on the SIEM platform.
Original job Senior Incident Response Specialist, Cyber Security posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.


Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.