Lead, Cybersecurity Incident Response

Assistant Manager - Incident Response and Threat Hunting is responsible for leading the detection, investigation, and mitigation of cybersecurity incidents. This role involves proactive threat hunting, forensic analysis, and developing response strategies to minimize risks and impact on an organization's IT infrastructure. The specialist also collaborates with cross-functional teams to improve security posture and ensure compliance with industry standards.

The candidate will report to the Head of Incident Response Team and will plan and oversee the performance of security responses to incidents in an IT environment. They will present cyber-incident reports to senior leaders and identify and analyze cyber threats and their root causes.

1. Lead the response to cybersecurity incidents, including malware infections, data breaches, and insider threats.
2. Perform real-time and retrospective analysis of security events to identify threats.
3. Coordinate with MSSP Security Operations Centre (SOC) teams for monitoring and alerting.
4. Develop and document incident response plans and playbooks.
5. Handle incidents end-to-end, from detection to resolution.
6. Conduct proactive threat hunting to identify unknown threats.
7. Perform digital forensic analysis on compromised systems to determine root causes.
8. Utilize forensic tools to collect and analyze logs, memory dumps, and disk images.
9. Work with SIEM tools to detect anomalous behavior and improve detection capabilities.
10. Analyze logs from firewalls, IDS/IPS, endpoint protection, and cloud security tools.
11. Enhance detection capabilities by tuning security alerts and creating new rules.
12. Recommend and implement security controls to reduce exposure.
13. Provide technical leadership to junior responders and analysts.

• Strong expertise in incident response, threat hunting, and forensic analysis.
• Experience with SIEM tools (e.g., Elastic, Splunk).
• Proficiency in network security, malware analysis, and log analysis.
• Familiarity with cloud security (AWS, Azure, GCP) and container security.
• Experience with cloud security tools and AI-powered analytics (AWS GuardDuty, Azure Sentinel, Google Chronicle).
• Knowledge of AI/ML-driven anomaly detection and behavioral analysis techniques.
• Understanding of security solutions (EDR, XDR, NDR, WAF, Proxy, Firewall, Email Security).
• Scripting and automation skills (Python, PowerShell, Bash).
• Deep understanding of MITRE ATT&CK framework, cyber kill chain, and machine learning models for cybersecurity.
• Excellent communication and report-writing skills, with the ability to work under pressure.