Cyber Incident Responder

Job Summary:

We are seeking a Cyber Incident Responder to join our Production Security team. You will strengthen detection capabilities, contribute to SIEM and SOAR enhancements, and act as a subject matter expert in Security Incident Response, Anti-Malware/Defense, and Detection Engineering. This role involves overseeing detection capabilities for a 24/7 regional SOC, responding to cybersecurity incidents, and collaborating with global teams to improve security frameworks.

Key Responsibilities:

Detection Engineering & Incident Response:

• Lead technical activities (use case definition, design, implementation, and enrichment) based on real-world attack scenarios (e.g., MITRE ATT&CK).
• Monitor ongoing security threats and propose use cases to detect, protect, or mitigate risks.
• Respond to cyber/IT security incidents, evaluating severity and coordinating resolution.

SOC & Security Monitoring:

• Oversee detection capabilities for the 24/7 regional SOC.
• Partner with global, regional, and local stakeholders to ensure organisational readiness for detecting and responding to suspicious events.
• Continuously improve SOC processes, policies, and operational playbooks.

Collaboration & Compliance:

• Collaborate with Business CSIRT to strengthen integrated security monitoring and incident handling.
• Contribute to local security incident response and ensure compliance with regulatory requirements and internal policies.
• Participate in audits and provide required evidence for control frameworks.

Technical Requirements:

• 7+ years of experience as a cybersecurity professional.
• 4+ years of experience in security use case design, development, and coding (Java knowledge is a plus).
• Hands-on experience with SIEM products (e.g., ELK Stack – Elasticsearch, Logstash, Kibana).
• Strong understanding of Linux (RedHat/Ubuntu) and security logs analysis.
• Experience in incident response activities (threat hunting, event analysis, investigation, reporting).
• SecOps/DevOps mindset with experience in automation and large dataset analysis.
• Scripting skills (Python, PowerShell, Bash, SQL) are a plus.

Preferred Qualifications:

• Professional certifications in IT Security (e.g., SANS, CISSP, OSCP).
• Experience with SIEM on ELK Stack is a plus.