Job Description
As an
Incident Response Analyst
, you will play a key role in detecting, investigating, and responding to security incidents, performing digital forensics, and conducting proactive threat-hunting activities.
Key Responsibilities
Incident Response & Forensics
* Drive the handling of security incidents, assigning response actions and tracking execution.
* For major incidents, coordinate ad-hoc response teams to contain, mitigate, and restore services.
* Perform digital forensic investigations (with a focus on Windows environments).
* Develop and maintain incident response playbooks and runbooks.
Threat Hunting & Intelligence
* Proactively hunt for compromises based on threat intelligence and attack indicators.
* Perform deep-dive investigations using CTI and frameworks such as MITRE ATT&CK.
* Collect, analyse, and operationalise cyber threat intelligence into actionable insights.
Security Monitoring & Analysis
* Work with SIEM solutions (Splunk, QRadar, ELK) and IDS/IPS platforms (Snort, Suricata, Zeek) to investigate alerts and anomalies.
* Conduct network and protocol analysis using tools like tcpdump, Wireshark, Argus, SiLK.
* Support continuous improvement of monitoring rules and detection capabilities.
Automation & Engineering
* Develop scripts and automation tools (Python, Perl, Ruby) to accelerate investigation workflows.
* Use Unix/Linux command-line utilities (sed, awk, grep) for log and data analysis.
* Contribute to strengthening security monitoring infrastructure and incident response tooling.
Required Skills & Experience
* Strong knowledge of IT security technologies (secure networking, system security, perimeter defence, web infrastructure).
* Experience in incident management within a SOC, CSIRT, or cyber defence environment.
* Proficiency with logging, monitoring, intrusion detection, and SIEM platforms.
* Practical knowledge of IDS/IPS, NetFlow, and packet analysis tools.
* Hands-on experience in digital forensics, particularly on Windows systems.
* Scripting/programming experience (Python, Perl, Ruby).
* Familiarity with text manipulation and log analysis (sed, awk, grep).
Soft Skills
* Analytical mindset with strong attention to detail while keeping the bigger picture in view.
* Ability to work under pressure in emergency situations.
* Strong communicator and team player.
* Proactive, autonomous, and eager to share knowledge.
* High level of integrity and commitment to continuous improvement.