PCCW

Security Operations Specialist

PCCW  •  Hong Kong, HK (Onsite)  •  13 days ago

Job Description

Areas of responsibility:

1. Monitoring & Detection

  • Monitor security alerts from various sources, including SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), firewalls, and IDS/IPS systems.
  • Triage incoming alerts to distinguish between benign events and genuine security incidents.
  • Maintain and tune use cases within the SIEM to reduce false positives and improve detection capabilities.

2. Incident Response & Management

  • Lead the technical response to security incidents, including malware outbreaks, ransomware, phishing campaigns, data leaks, and unauthorized access.
  • Perform digital forensics, including disk and memory analysis, to determine the root cause and scope of an incident.
  • Contain, eradicate, and recover from security incidents, ensuring business continuity.
  • Document every step of the incident lifecycle, creating detailed after-action reports and timelines.

3. Threat Hunting & Analysis

  • Proactively search for signs of advanced persistent threats (APTs) or malicious activity that may have evaded existing security controls.
  • Analyze threat intelligence feeds to understand the current threat landscape and anticipate potential attacks against the organization.

4. Communication & Reporting

  • Communicate technical findings to non-technical stakeholders, including management and legal teams, during active incidents.
  • Prepare post-incident reports that include root cause analysis, lessons learned, and remediation recommendations.
  • Escalate critical incidents according to the incident response plan.

5. Process Improvement

  • Recommend and implement improvements to security tools, policies, and playbooks based on lessons learned from incidents.
  • Collaborate with the IT and Development teams to ensure vulnerabilities are patched and configurations are hardened.



Qualifications & Requirements

  1. Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field (or equivalent practical experience).
  2. Experience: 3+ years of experience in information security, with a focus on incident response, security operations, or threat analysis.
  3. Tools: Proficiency with SIEM platforms (e.g., ELK), EDR tools (e.g., CrowdStrike, SentinelOne, Defender ATP), and NDR tools (e.g., Darktrace).
  4. Forensics: Experience with digital forensics tools and techniques (e.g., EnCase, FTK, Volatility, Autopsy) is a plus.
  5. Operating Systems: Deep understanding of Windows and Linux operating systems, including logging mechanisms, file systems, and common persistence mechanisms.
  6. Cloud: Familiarity with cloud security and incident response in AWS, AliCloud, or GCP environments.
  7. Scripting: Proficiency in scripting languages such as Python, PowerShell, or Bash for automation and log analysis.
  8. Frameworks: Solid understanding of the Cyber Kill Chain, MITRE ATT&CK framework, and NIST incident response lifecycle.
  9. Analytical Thinking: Exceptional problem-solving skills and the ability to think like an attacker.
  10. Communication: Excellent written and verbal communication skills; ability to explain complex technical issues to a non-technical audience.
  11. Stress Management: Ability to remain calm and methodical under pressure during active security breaches. Must be willing to work outside office hours and respond to ad-hoc requests during incident support.
  12. Certifications (preferred but not mandatory):
      • GIAC Certified Incident Handler (GCIH)
      • Certified Information Systems Security Professional (CISSP)
      • CompTIA Security+
      • Certified Ethical Hacker (CEH)

About PCCW

PCCW Limited is a global company headquartered in Hong Kong which holds interests in telecommunications, media, IT solutions, property development and investment, and other businesses.

The Company holds a majority stake in the HKT Trust and HKT Limited*, Hong Kong’s premier telecommunications service provider and leading operator of fixed-line, broadband, mobile communication and media entertainment services. HKT delivers end-to-end integrated solutions employing emerging technologies to assist enterprises in transforming their businesses. HKT has also built a digital ecosystem integrating its loyalty programme, e-commerce, travel, insurance, fintech and healthtech services to deepen its relationship with customers.

PCCW owns a fully integrated multimedia and entertainment group in Hong Kong engaged in the provision of OTT video service locally and in other places in the region. Through HK Television Entertainment Company Limited, PCCW also operates a domestic free TV service in Hong Kong.

In addition, PCCW holds a stake in Pacific Century Premium Developments Limited and other overseas investments.

PCCW is part of Pacific Century Group, named by Forbes as one of the World's Best Employers 2023.

*HKT Limited is a company incorporated in the Cayman Islands with limited liability.

Listing and trading

PCCW shares are listed on The Stock Exchange of Hong Kong Limited (SEHK: 0008) and traded in the form of American Depositary Receipts on the OTC Markets Group Inc. in the US (Ticker: PCCWY).

Industry: IT & Software
Company Size: 1,001-5,000 employees
Headquarters: Hong Kong, HK
Year Founded: Unknown
Website: pccw.com