Cybersecurity Incident Response Specialist (L2/L3)
We are seeking a Cybersecurity Incident Response Specialist to support advanced security operations and handle complex security incidents across enterprise environments. This role is responsible for investigating security alerts, analyzing threats, and managing incidents across the full incident response lifecycle.
The ideal candidate has strong hands-on experience in threat investigation, malware analysis, and detection engineering, with the ability to respond to sophisticated cyber threats while improving detection capabilities within security platforms.
Key Responsibilities
- Investigate and respond to security incidents including malware infections, account compromise, phishing, and endpoint threats.
- Manage incidents across the full incident response lifecycle: preparation, identification, containment, eradication/remediation, recovery, and post-incident review.
- Perform malware and threat analysis to determine root cause, impact, and remediation steps.
- Conduct endpoint and system investigations on compromised machines.
- Develop and improve detection logic by creating custom rules in SIEM or XDR platforms to identify suspicious or malicious activity.
- Analyze threat telemetry and behavioral patterns to identify potential security threats.
- Document incident findings, remediation actions, and lessons learned.
- Collaborate with internal security teams to improve monitoring and incident handling processes.
Requirements
- At least 4-5 years of relevant cybersecurity experience, preferably within Security Operations or Incident Response.
- Experience providing L2/L3 support within a SOC or Incident Response team.
- Hands-on experience managing incidents across the full Incident Response lifecycle (Preparation, Identification, Containment, Eradication/Remediation, Recovery, Lessons Learned/Follow-up).
- Experience creating detection rules or alerts within SIEM or XDR platforms to identify suspicious activity.
- Strong understanding of malware behavior, endpoint compromise investigation, and threat analysis.
- Experience analyzing security telemetry, logs, and threat indicators.