Cyber Security Incident Response Principal Analyst

Role:

The Cyber Security Incident Response Principal Analyst will play a key role in managing and responding to security incidents within WTW s Cyber Security Incident Response Team. Responsibilities of this role will include:

• Serve as the primary lead for significant security incidents, coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution.
• Establish, refine, and maintain incident response processes, playbooks, and workflows to align with industry best practices and WTW s organizational needs.
• Act as the central point of contact for incident response activities, ensuring effective communication with internal and external stakeholders, including senior leadership, Legal, HR, and Compliance teams.
• Lead the in-depth technical investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery while identifying root causes and potential impact
• Work closely with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents.
• Lead root cause analysis and post-incident reviews to identify gaps, implement lessons learned, and enhance the overall incident response program.
• Provide mentorship and guidance to junior analysts and conduct tabletop exercises to improve team preparedness.
• Stay informed about emerging threats, attack trends, and evolving threat actor tactics, techniques, and procedures (TTPs) to ensure proactive Defense.
• Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes.
• Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
• Assist in developing and fine-tuning automation scripts and workflows to enhance incident detection and response efficiency.
• Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
• Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.

Maintain up-to-date records of all incident handling activities in incident management systems, ensuring alignment with internal policies and audit requirements.

Requirement:

We are looking for a candidate for Cyber Security Incident Response who has the following:

• Minimum 5 years of experience in incident response, with a strong understanding of cybersecurity principles, frameworks, and tools.
• Proficient in forensic analysis, malware analysis, and network traffic analysis. Experience with SIEM tools, EDR platforms, and threat intelligence integration is essential.
• Proven ability to lead high-stakes security incidents and coordinate cross-functional teams effectively.
• Deep understanding of MITRE ATT&CK, cyber kill chain, and incident response methodologies.
• Exceptional verbal and written communication skills, with the ability to convey complex technical concepts to non-technical audiences, including executives.
• Industry certifications such as CISSP, GCIH, GCFA, or CISM are highly preferred.
• Experience with platforms like Sentinel, Splunk, Carbon Black, or similar technologies.
• A proactive and decisive mindset with the ability to operate under pressure.
• Strong analytical and problem-solving skills to make informed decisions in complex situations.

Collaborative and adaptable, with a passion for mentoring and developing team members