Principal Incident Response Analyst

Job Description:

We are seeking a highly skilled Principal Incident Response Analyst to enhance our cybersecurity response capabilities in a Managed Security operations environment. The ideal candidate will have extensive experience in handling and resolving complex security incidents, with a strong background in Managed Detection and Response (MDR) and Managed SIEM environments. This role demands a hands-on approach to incident response, strong analytical skills, and effective communication with cross-functional teams.

Key Responsibilities:

• Lead the response to complex security incidents, ensuring timely identification, analysis, and resolution.
• Manage the daily operations of incident response, including the analysis of security alerts and the coordination of necessary response actions.
• Utilize Managed SIEM and EDR solutions to effectively detect and respond to security threats, with a preference for expertise in IBM QRadar and Microsoft SentinelOne.
• Collaborate with SOC analysts to refine SIEM rules, alerts, and correlation logic to enhance threat detection capabilities.
• Support the ingestion and analysis of logs from various systems and applications into the SIEM platform to improve incident analysis.
• Develop and refine incident response strategies, policies, and procedures to bolster the organization's security posture.
• Monitor and analyze security events and incidents, ensuring comprehensive investigations and effective mitigations of potential threats.
• Work closely with IT, Legal, and Risk Management teams to ensure cohesive incident response strategies and clear communication during and after incidents.
• Drive continuous improvement of incident response processes and procedures to optimize efficiency and effectiveness.
• Engage in Threat Intelligence and Threat Hunting activities to proactively identify and mitigate emerging security threats.
• Build and maintain relationships with external partners, vendors, and industry peers to keep abreast of emerging threats, best practices, and new technologies.
• Conduct assessments and audits of incident response activities and systems to identify improvement opportunities and ensure regulatory compliance.
• Develop and deliver detailed reports on incident trends, response times, and the effectiveness of incident management.
• Stay informed about the evolving cybersecurity landscape, including emerging threats and industry standards, to recommend proactive security measures.

Qualifications:

• Proven experience (10+ years) in Managed security operations and incident response, preferably in a leading role.
• Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
• In-depth knowledge of incident response methodologies and security technologies (SIEM, IDS/IPS, EDR, etc.).
• Strong understanding of TCP/IP protocols, network segmentation, VPNs, and firewall configuration.
• Experience with Threat Intelligence, Threat Hunting, Vulnerability Management, and risk assessment frameworks.
• Expertise in developing and refining SIEM rules, alerts, and correlation logic.
• Ability to manage multiple security incidents in a fast-paced, dynamic environment.
• Exceptional problem-solving and decision-making skills, with a proactive and results-driven mindset.
• Excellent communication skills, capable of discussing complex security issues with both technical and non-technical stakeholders.
• Relevant certifications such as CISSP, CISM, GCIH, GNFA or GIAC are highly desirable.