Job Description

The Security Incident Response Handler should have robust technical background, hands-on experience with a wide range of security tools, and the ability to respond swiftly and effectively to security incidents. Willingness to work on dynamic SOC environment that uses state of the art security tools and technologies.

Cybersecurity Incident Manager is responsible for managing and mitigating enterprise-level cybersecurity incidents leading the coordination and communication of incident response efforts. The main priorities are ensuring timely detection, containment, eradication, and recovery from cyber threats while minimizing operational disruptions.

͏

Key Responsibilities

• Monitor, detect, and respond to security incidents using various security tools and technologies.
• Conduct real-time analysis and correlation of security events from multiple sources including SIEM, IDS/IPS, firewalls, and endpoint security solutions.
• Perform in-depth investigation and analysis of security incidents, including malware analysis, forensic investigations, and reverse engineering.
• Execute containment, eradication, and recovery procedures during incidents to minimize impact and restore normal operations.
• Develop and maintain incident response playbooks and escalation procedures to ensure a consistent and efficient response to incidents.
• Collaborate with other IT and security teams to remediate vulnerabilities and improve the overall security posture.
• Prepare detailed and accurate incident reports and documentation for internal use and for external stakeholders, if necessary.
• Stay current with the latest threats, vulnerabilities, and security technologies to ensure effective detection and response capabilities.
• Participate in threat hunting activities to proactively identify and mitigate potential security risks.Serve as the primary coordinator during cybersecurity incidents, aligning efforts across technical and business teams.

͏

• Conduct real-time analysis and correlation of security events from multiple sources including SIEM, IDS/IPS, firewalls, and endpoint security solutions.
• Perform in-depth investigation and analysis of security incidents, including malware analysis, forensic investigations, and reverse engineering.
• Participate in threat hunting activities to proactively identify and mitigate potential security risks. Stay informed about new threats and trends in cybersecurity to enhance response skills.
• Ensure compliance with the organization's incident response framework and regulatory requirements.
• Coordinate with Enterprise Risk Management, SOC, Legal, IT, Data Privacy, and other functions for a unified response. Collaborate with third-party vendors and MSSPs as needed.
• Act as the primary contact for incident updates to executive leadership and stakeholders.
• Generate comprehensive reports during and after incidents, including root cause analysis and mitigation strategies.
• Supervise the creation of post-incident reports and ensure that lessons learned are integrated into future planning strategies.
• Propose security improvements to prevent the reoccurrence of incidents. Perform regular tabletop exercises and simulations to train and prepare teams.

͏

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
• At least 12+8 years of experience in a SOC or similar security-focused environment.
• Experience in managing large-scale cybersecurity incidents.
• Understanding of regulatory requirements and industry standards (e.g. GDPR, HIPAA, PCI-DSS).
• Proficient written and verbal communication skills.
• Strong hands-on experience with SIEM platforms (e.g. Palo Alto XSIAM, Splunk, QRadar), IDS/IPS systems, firewalls, endpoint security tools and service management tools (e.g. ServiceNow)
• Proficiency in conducting forensic investigations and malware analysis.
• Experience with scripting and automation tools (e.g., Python, PowerShell) to streamline incident response tasks.
• Deep understanding of network protocols, operating systems, and common attack vectors.
• Relevant certifications such as CISSP, CISA, CISM, CEH, or GIAC are highly desirable.
• Excellent problem-solving skills and the ability to work under pressure in a fast-paced environment.

͏