Job Description

Key Tasks & Responsibilities:

• Lead and manage cybersecurity incidents end‑to‑end, from identification through containment, eradication, recovery, and post‑incident closure.

• Assess incidents to determine root cause, scope, severity, and business impact; define response objectives and priorities accordingly.

• Form and lead cross‑functional incident response teams, coordinating across SOC, IT operations, Cloud, Network, Threat Intelligence, and external partners.

• Coordinate containment, eradication, and recovery activities, ensuring response objectives are met within defined SLAs.

• Manage incident response resources, track progress, and ensure timely execution of response actions.

• Govern SOC incident response processes, playbooks, metrics, and overall effectiveness.

• Ensure timely escalation of significant and critical incidents to senior leadership and relevant stakeholders.

• Manage internal and external communications, delivering regular incident status updates, executive briefings, dashboards, and crisis communications.

• Drive post‑incident Root Cause Analysis (RCA), problem management, and lessons‑learned sessions to prevent recurrence.

• Identify, track, and follow up on corrective and preventive actions; ensure proper documentation of all incident actions, decisions, and evidence.

• Monitor detection and response effectiveness and drive continuous improvement through enhanced processes, automation, detection content, and operational workflows.

• Contribute to SOC maturity by continuously improving incident response governance, tooling, and operational capabilities.

Key Skills:

• Hands-on experience managing major cybersecurity incidents in large-scale enterprise environments.

• Strong expertise with Microsoft security ecosystem:

  • Microsoft Sentinel (SIEM)

  • Microsoft Defender for Endpoint (MDE)

  • Microsoft Defender for Identity (MDI)

  • Microsoft Defender for Office 365 (MDO)

  • Microsoft Defender for Cloud (MDC)

• Apply industry frameworks such as NIST IR Lifecycle, MITRE ATT&CK, and Cyber Kill Chain to guide incident handling.

• Deep understanding of SIEM, IDS/IPS, endpoint security, cloud security, networking protocols.

• Strong knowledge of OWASP, Cyber Kill Chain, MITRE ATT&CK, NIST Incident Response Lifecycle.

• Excellent communication, stakeholder management, and crisis leadership skills.

• Ability to translate technical risks into business-impact narratives for executives.

• Experience in escalation management and cross-functional coordination.

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field

• 10–12 years of overall cybersecurity experience with strong focus on incident management.

• CISSP | CISM | SANS SOC Manager GCIH GCIA

• EC-Council Certified SOC Analyst

• Microsoft Certified: Security, Compliance, and Identity Fundamentals