Senior Specialist - Incident Response (5-20 yrs)
Workingbees Global
posted 15hr ago
Job Title :
Cybersecurity Sr. Specialist - Incident Response
Role Overview :
The Cybersecurity Sr. Specialist is responsible for leading Incident Response activities, enhancing Security Operations Center (SOC) efficiency, and building a world-class Cybersecurity Incident Response team. This role involves developing innovative procedures to improve response time, coordination, and security operations. Additionally, the Sr. Specialist will train staff on security operations concepts, develop incident response management processes, write correlations, and integrate intelligence data into monitoring and operations activities.
Roles & Responsibilities :
- Develop and execute security incident response plans and cyber forensic investigations for all reported security incidents.
- Create comprehensive incident reports and investigation summaries.
- Collect and analyze intelligence to proactively detect and identify high-confidence threats to the brand, service infrastructure, and enterprise systems.
- Analyze and validate security control requirements, define mitigation rules, and script and perform changes to mitigate attacks.
- Assist in reviewing existing tools, applications, and processes to strengthen security capabilities and identify gaps.
- Communicate problems and solutions effectively to peers and management, both verbally and in writing.
- Ensure compliance with security policies and governance frameworks while supporting compliance initiatives.
- Lead the analysis and review of security events for anomalous activity and collaborate with peer groups to implement protective measures.
- Identify and implement practical security solutions to address emerging threats and compliance requirements.
Preferred Experience/Skills :
- 6+ years of experience in Incident Response within a 24x7 global enterprise.
- Strong knowledge of security infrastructure, including firewalls, Intrusion Prevention Systems (IPS), Proxy Servers, Security Event Managers, and VPNs.
- Hands-on experience managing or maintaining malware analysis sandboxes and using malware analysis tools.
- Proficiency in Python and/or PowerShell scripting.
- Experience with LogRhythm or other SIEM tools.
- SANS GIAC certifications preferred.
- Deep understanding of Windows operating systems, network and system forensics, and web application vulnerabilities.
- Strong knowledge of networking technologies (TCP/IP, HTTP, SMTP, etc.).
- Ability to identify, analyze, and evaluate malicious code and exploit code in relation to existing security controls.
- Excellent communication and interpersonal skills.
- Availability to provide 24-hour on-call support on a rotating basis.
This position offers an opportunity to work in a dynamic environment with a focus on enhancing security resilience and mitigating risks while ensuring business continuity.