Senior Incident Responder

July 18, 2025
Application deadline: August 17, 2025

Job Description

BandB

Job Description:

We are seeking an experienced Incident Responder to join our growing Security Operations team. This role is responsible for leading and executing the full incident response lifecycle — from initial detection and investigation to containment, remediation, and post-incident review. The ideal candidate will work closely with Threat Detection Engineering, Threat Intelligence, and Security Monitoring teams to ensure timely, coordinated, and effective responses to cyber threats affecting internal systems or customer environments.
Responsibilities:

Lead end-to-end investigation and response of complex security incidents across diverse customer environments.
Coordinate with Security Operations, Threat Intelligence, and Detection Engineering teams to validate, assess, and contain threats effectively.
Execute containment, eradication, and recovery procedures in line with predefined playbooks and incident severity levels.
Perform digital forensics tasks such as host and memory analysis, log correlation, and artifact extraction using industry-standard tools and techniques.
Collaborate with threat intelligence teams to map attacker TTPs and identify indicators of compromise (IOCs) for ongoing threats.
Provide incident context and recommendations to detection engineering for refining detection logic and reducing response time.
Track response metrics, identify bottlenecks, and tune workflows and use cases to reduce time to incident resolution.
Lead incident root cause analysis, and document lessons learned to continuously enhance response capabilities.
Develop and maintain incident response documentation, escalation procedures, and incident classification workflows based on industry standards (e.g., NIST, SANS).
Carry out threat modeling for customers together with other SOC teams.
Mentor and guide junior responders and SOC analysts during incident handling processes and investigations.
Collaborate with clients and internal stakeholders to deliver timely incident updates, reports, and recommendations for improving their security posture.
Requirements:

Strong hands-on experience in security incident response and investigation across a variety of threats (e.g., malware, insider threats, network, Active Directory, and web attacks).
Proficiency with forensics and incident response (DFIR) tools such as FTK Imager, Autopsy, KAPE, Volatility, Sysinternals Suite, etc.
Familiarity with static and dynamic malware analysis techniques, including the ability to extract IOCs, understand malware behavior, and assess potential impact.
Familiarity with scripting (Python, PowerShell) is a plus for investigation automation and enrichment.
Experience coordinating multi-stakeholder incident response activities in high-pressure environments.
Ability to create and follow structured incident response playbooks and contribute to their improvement.
Excellent analytical and problem-solving skills, including the ability to assess incomplete or ambiguous data during active investigations.
Strong written and verbal communication skills for incident reporting and stakeholder briefings.
Ability to multitask and prioritize effectively during high-severity incident scenarios.
An ideal candidate should have proficiency with the following security tools to deliver quality incident response service:

Analyzing incidents and querying logs during the investigation phase in a SIEM such as Splunk, Elastic, IBM QRadar, or Microsoft Sentinel.
Configuring policies and profiles to meet visibility and prevention requirements in an EDR/XDR such as CrowdStrike Falcon, Cortex XDR, or MDE.
Participating in playbook development and ticketing configuration in SOAR platforms such as Cortex XSOAR or Splunk SOAR.
Preferred:

Bachelor’s degree in Cybersecurity, IT or a related field.
Industry certifications such as: eCIR, eCTHP, eCDFP, OSDA, BTL2, CCD.
Experience in MSSP environment.
Salary: to be discussed at interview

Interested candidates can send their CV to the e-mail address behind the Apply for job button, mentioning Senior Incident Responder in the subject line.