Responsibilities
- Serve as the Incident Commander for high-severity cyber events, orchestrating containment, eradication, and recovery.
- Analyze alerts across EDR, NDR, SIEM, identity, and cloud telemetry to rapidly identify and scope threats.
- Lead deep-dive forensics, threat hunting, and advanced investigations spanning endpoints, networks, cloud (Azure/AWS), SaaS, email, and identity systems.
- Conduct malware analysis, develop IOCs, and integrate actionable intelligence into detection workflows.
- Tune and enhance detection tooling; build automation through SOAR runbooks.
- Produce executive-ready incident reports, drive post-incident reviews, and ensure corrective actions are completed.
- Mentor SOC analysts across tiers, uplift operational SLAs, and strengthen response procedures.
- Partner with other departments and functions to reduce enterprise risk.
Requirements
- 5+ years in Security Operations & Incident Response, including leadership of major incidents.
- Hands-on expertise with EDR/XDR, SIEM, NDR, CASB, and cloud security tooling (Azure/AWS).
- Strong command of forensic techniques, malware analysis, packet analysis, and log investigation.
- Deep familiarity with MITRE ATT&CK, threat actor TTPs, and modern ransomware/BEC vectors.
- Proven ability to perform under pressure and communicate clearly with technical and executive stakeholders.
Nice to Have
- Experience in the financial services industry is a plus.
- Preferred certifications: GCIH, GCFA, GCFE, GNFA, GREM, GCIA, CISSP, or similar.