Cyber Security Incident Responder
Company: Global Bank (1-year renewable contract)
Function: IT Production Security / SOC
About the Team
We are looking for a Cybersecurity Subject Matter Expert (SME) specializing in Security Incident Response, Detection Engineering, and Security Investigation to join the SOC and Incident Response team.
Role Overview
Role: Security Incident Response (Detection Engineering & Investigation)
This role is critical in strengthening regional and global detection capabilities, improving SOC maturity, and responding to cybersecurity incidents in a complex global banking environment.
Key Responsibilities
Primary Responsibilities
- Strengthen security detection capabilities and contribute to the global security use‑case development program
- Design, implement, and enrich security detection use cases based on real‑world attack scenarios and frameworks such as MITRE ATT&CK
- Enhance SIEM and SOAR capabilities to improve detection, automation, and response efficiency
- Act as a technical reference for Security Incident Response, Anti‑Malware/Defense, and Detection Engineering
- Oversee detection operations for the 24/7 regional IT Production SOC
- Perform threat hunting, R&D, and continuous improvement of detection coverage
- Respond to cybersecurity incidents, assess severity and impact, and coordinate remediation efforts
- Identify recurring security risks and propose mitigation strategies and process improvements
- Continuously improve SOC frameworks through policy reviews and operational playbooks
- Partner with global, regional, and local stakeholders to ensure detection readiness and effective response
Contributing Responsibilities
- Collaborate closely with the Business CSIRT to enable integrated monitoring and incident handling
- Support local security incident response activities beyond direct scope when required
- Contribute to regulatory compliance and adherence to internal security policies
- Ensure timely and accurate incident reporting through the Incident Management System
- Support control frameworks, control plans, and audit activities, including evidence preparation
Required Skills & Experience
Technical Skills
- 7+ years of experience as a cybersecurity professional
- Strong experience in security use‑case design and development, with working knowledge of Java
- Solid Linux expertise (Red Hat / Ubuntu)
- Ability to translate logs and telemetry into actionable threat models
- Strong SecOps / DevOps mindset
- Hands‑on experience with security incident response, threat hunting and investigation, SIEM platforms, and security incident management
- Comfortable working with large datasets and driving automation in detection and response workflows
Qualifications & Certifications
- 7+ years of overall cybersecurity incident response experience
- 4+ years focused on security detection use‑case design, development, and coding
- Experience with ELK Stack (Elasticsearch, Logstash, Kibana) is a strong plus
- Proficiency in scripting languages such as Python, PowerShell, Bash, or SQL is a plus
- Industry certifications such as SANS, CISSP, or OSCP are advantageous