We are seeking a Cyber Security Incident Response Analyst to join our team on a long-term engagement. The successful candidate will play a key role in incident triage, response, and investigation, operating at Tier 2 to Tier 3 (L2-L3) within the Security Operations Center (SOC).
This is a 12-month extendable contract with strong potential for renewal based on performance, as the project is long-term.
Key Responsibilities:
1. Act as the primary contact for incident response across Group Companies.
2. Investigate security alerts escalated by the MSSP and perform end-to-end incident response, including triage, containment, eradication, recovery, and RCA.
3. Analyze alerts from SIEM (Splunk), EDR (CrowdStrike), Firewalls, IPS, WAF, Email Security, and Cloud platforms (Azure, AWS, O365/Entra).
4. Conduct log analysis, forensic evidence collection, and root cause investigations.
5. Prepare incident reports and RCA summaries for stakeholders, ensuring clear communication of risks and recommendations.
6. Provide on-call support for P1/P2 incidents and lead crisis management calls when required.
7. Coordinate with internal teams and vendors to escalate and resolve incidents.
8. Collaborate with stakeholders to ensure swift containment and remediation.
9. Update and maintain IR playbooks and SOPs, and participate in tabletop exercises and post-incident reviews.
10. Dedicate 60-70% of time to active incident handling and 30-40% to proactive improvements and other security initiatives.
Technical Skills and Requirements:
- Technical Skills: Splunk, CrowdStrike, O365/Entra, Zscaler, Firewalls, IPS, WAF, Email Security, identity platforms (Okta/Entra), Cloud log analysis.
- Knowledge: MITRE ATT&CK, NIST 800-61, ISO 27035, Cyber Kill Chain.
- Certifications (preferred but not mandatory): GCIH, GCFA, SC-200, CySA+, CISSP/CCSP.
- Soft Skills: Strong RCA/report writing, stakeholder communication, vendor management.
Date Posted: 09/09/2025
Job ID: 125820365