Responsibilities:

• Monitor, assess, and triage security alerts and events from SIEM, EDR/XDR, email security, cloud security, and other monitoring platforms.
• Validate security incidents and determine severity, scope, and business impact.
• Conduct end-to-end investigations of cybersecurity incidents including phishing, malware, ransomware, account compromise, insider threat, unauthorized access, data exfiltration, and cloud-related incidents
• Document investigative findings, timelines, indicators of compromise (IOCs), and remediation recommendations.
• Contribute to use case development, threat hunting, and IOC enrichment where needed.

Required Skills:

• 3–5 years of cybersecurity experience, with at least 2–3 years in incident response, SOC, or cyber investigations.
• Strong understanding of the incident response lifecycle: preparation, identification, containment, eradication, recovery, and lessons learned.
• Hands-on experience with common incident categories such as phishing, malware, endpoint compromise, suspicious authentication activity, privilege misuse, and cloud security events
• Hands-on experience with:
  • SIEM, EDR/XDR, Identity & cloud logs (Azure, GCP)
• Strong skills in log analysis, IOC identification, and root cause determination
• Experience documenting incidents and producing actionable remediation guidance
• Experience performing Threat hunting using KQL or other query languages, SOAR/playbook automation