
Staff Incident Response Analyst
Posted May 25

This is a fully remote position, open to applicants in India.
• Act as the primary technical escalation point for L2 SOC analysts and the MDR partner.
• Lead complex forensic investigations, multi-system breaches, and ambiguous adversary activity.
• Work hands-on in the tooling: investigate in the SIEM and collect host artifacts through the EDR.
• Make and document containment decisions.
• Relay incident updates to the Security Operations Manager.
• Ensure incidents are driven to a documented resolution.
• Execute in-depth endpoint analysis via EDR.
• Lead incident response in AWS.
• Investigate incidents involving identity providers (IdPs).
• Carry out structured threat hunting activities within the SIEM.
• Accept escalation handoffs from L2 analysts.
• Over 6 years of practical incident response experience, including a minimum of 3 years in a senior or staff-level technical IR role.
• Expert-level proficiency with EDR tools (e.g., CrowdStrike Falcon, SentinelOne, or similar).
• Advanced AWS incident response skills, including CloudTrail forensics, IAM chain analysis, and EC2 and Lambda investigations.
• Strong expertise in Windows forensics.
• Solid background in Linux forensics.
• Practical experience with SIEM investigation and detection.
• Experience in identity incident response within an enterprise IdP environment.
• Proven ability to independently scope and manage Sev1 incidents.
• Excellent technical writing skills.
• Familiarity with the MITRE ATT&CK framework.
• Health insurance coverage.
• Retirement planning options.
• Paid time off policies.
• Flexible working arrangements.
• Opportunities for professional development.