Cybersecurity Incident Responder - (EL-FNP250819 008/01)

• Lead the response to cybersecurity incidents, including malware infections, data breaches, and insider threats.
• Perform real-time and retrospective analysis of security events to identify threats Coordinate with MSSP Security Operations Centre (SOC) teams for monitoring and alerting.
• Develop and document incident response plans and playbooks.
• Should be expertise on handling the incidents end to end.
• Conduct proactive threat hunting to identify unknown threats.
• Perform digital forensic analysis on compromised systems to determine root causes.
• Use forensic tools to collect and analyse logs, memory dumps, and disk images.
• Work with SIEM (Security Information and Event Management) tools to detect anomalous behaviour.
• Analyse logs from firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and cloud security tools.
• Improve detection capabilities by tuning security alerts and developing new rules.
• Recommend and implement security controls to reduce exposure.
• Provide technical leadership to junior incident responders and security analysts

Requirements

• Strong expertise in incident response, threat hunting, and forensic analysis.
• Experience with SIEM tools (e.g., Elastic, Splunk).
• Proficiency in network security, malware analysis, and log analysis.
• Familiarity with cloud security (AWS, Azure, GCP) and container security.
• Experience with cloud security tools and AI-powered security analytics (AWS Guard Duty, Azure Sentinel, Google Chronicle).
• Familiarity with AI/ML-driven anomaly detection and behavioural analysis techniques.
• Knowledge of security solutions ( EDR,XDR,NDR,WAF,Proxy,Firewall,Email Security).
• Scripting and automation skills (Python, PowerShell, Bash).
• Deep understanding of MITRE ATT&CK framework, cyber kill chain, and machine learning models for cybersecurity applications.
• Excellent communication and report-writing skills and ability to work under pressure scenarios