Senior Cyber Threat Intelligence & Incident Response Specialist

Overview

We are seeking a highly technical, hands-on cybersecurity professional to drive Threat Intelligence, Incident Response, and advanced threat detection. This role is suited for an experienced individual contributor who actively performs investigations, threat hunting, and security engineering, while contributing to continuous improvement of security controls.

This role is suited for a senior individual contributor who is comfortable operating independently and leading complex investigations end-to-end.

Role Focus & Success Outcomes

• This is a hands-on, incident response and detection-focused role, where the majority of time will be spent on real-world investigations, threat hunting, and improving detection capabilities across enterprise and cloud environments.
• Act as a key technical contributor to strengthening the organisation's end-to-end detection and response capability, from threat identification to containment and recovery.
• Drive measurable improvements in:
• Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
• Detection coverage across key adversary techniques (e.g. mapped to MITRE ATT&CK)
• Proactive threat discovery through structured hunting activities
• Contribute to building a resilient security posture aligned with organisational and regulatory expectations (e.g. CSA, PDPC where applicable)

Key Responsibilities

Threat Intelligence

• Actively collect, analyse, and operationalise intelligence from OSINT, dark web, commercial feeds, and ISACs
• Perform hands-on adversary tracking, campaign analysis, and TTP mapping (MITRE ATT&CK)
• Translate intelligence into detection rules, hunting queries, and actionable use cases
• Integrate intelligence into security tooling, including CrowdStrike, SIEM, and TIP platforms

Incident Response

• Lead and execute end-to-end incident response activities (triage, containment, eradication, recovery)
• Perform hands-on investigations across endpoints, logs, network traffic, and cloud environments
• Use EDR tools (e.g., CrowdStrike) for live response, forensic analysis, and threat hunting
• Analyse malware behaviour, attacker persistence mechanisms, and lateral movement techniques
• Produce detailed technical reports with clear root cause and remediation actions

Threat Hunting & Detection Engineering

• Develop and execute proactive threat hunting across endpoint, identity, and cloud telemetry
• Write and tune detection rules (SIEM, EDR, Sigma, KQL, Splunk, etc.)
• Validate detections through simulation and adversary emulation
• Continuously improve detection coverage based on intelligence and incident learnings

Cloud Security (Hands-On)

• Investigate and respond to threats in AWS, Azure, and GCP environments
• Analyse cloud logs (CloudTrail, Azure AD, GCP logs) for suspicious activity
• Identify misconfigurations, privilege escalation paths, and identity-based attacks
• Work directly with engineers to remediate security gaps

Brand Protection & Digital Threats

• Investigate phishing campaigns, malicious domains, and impersonation attempts
• Perform technical analysis of phishing kits, payloads, and infrastructure
• Support takedown operations with actionable evidence

Vulnerability & Exposure Management

• Correlate CVEs with real-world exploitation and internal exposure
• Validate vulnerabilities (where applicable) and assess exploitability
• Track and respond to zero-days and active exploitation campaigns
• Work closely with system owners to ensure remediation

Security Control Improvement

• Identify detection and response gaps through real incidents and hunting activities
• Implement improvements across EDR, SIEM, and cloud security controls
• Build automation scripts and workflows to improve response efficiency
• Contribute directly to playbooks, runbooks, and technical standards

Requirements

• 5–8+ years of hands-on experience in Incident Response, Threat Hunting, or Threat Intelligence
• Strong experience with EDR platforms such as CrowdStrike (querying, investigation, live response)
• Proven ability to independently investigate and respond to real-world cyber incidents
• Experience writing detection logic (KQL, SPL, Sigma, etc.)
• Solid understanding of attacker techniques (lateral movement, persistence, C2, credential abuse)
• Hands-on experience in cloud security investigations (AWS, Azure, or GCP)
• Scripting skills (Python, PowerShell, or Bash)

Preferred Qualifications

• Experience in malware analysis or digital forensics
• Familiarity with Threat Intelligence Platforms (TIPs) and SOAR
• Certifications such as GCIH, GCFA, GNFA, GCTI, CISSP, or equivalent
• Experience in regulated or high-risk environments