Incident Response Analyst
Role Overview
An established global organization is seeking an Incident Response Analyst to support cybersecurity operations by identifying, investigating, and responding to security events. This role helps safeguard the confidentiality, integrity, and availability of information systems in alignment with business objectives and regulatory requirements.
The position focuses on incident detection, analysis, containment, and continuous improvement of security processes within a structured security operations environment.
Key Responsibilities
- Deliver Tier 2 incident response support across a global environment as part of the information security function.
- Manage and resolve security tickets in accordance with defined service level agreements (SLAs).
- Investigate alerts and data from monitoring tools, operational incidents, and other sources to assess the scope and impact of potential threats.
- Evaluate existing incident response processes and recommend improvements to management.
- Support the implementation and enhancement of threat detection and prevention controls.
- Utilize standard incident response technologies, including security monitoring platforms, log management tools, packet capture solutions, and breach detection systems.
- Assist in forensic investigations and ensure proper evidence handling procedures under guidance from senior security personnel.
- Contribute to the development and refinement of security standards, procedures, and operational documentation.
- Escalate and report compliance issues for timely remediation.
- Maintain assigned security systems to ensure performance, reliability, and capacity requirements are met.
- Provide operational updates, metrics, and status reports to security leadership.
- Support security awareness initiatives, internal knowledge repositories, and training materials.
- Participate in special projects or initiatives related to cybersecurity operations.
Qualifications and Experience
- Bachelor’s degree in Computer Science or a related field, or equivalent practical experience.
- Professional experience in information security, preferably with exposure to incident response or digital forensics.
- Understanding of incident response methodologies, forensic processes, and evidence handling practices.
- Familiarity with common security tools such as SIEM platforms, intrusion detection systems, log analysis solutions, endpoint detection tools, and packet capture utilities.
- Knowledge of network fundamentals including TCP/IP, DNS, and common network services.
- Basic understanding of malware analysis techniques, including identifying indicators of compromise and analyzing suspicious code or websites.
- Experience with vulnerability assessment or scanning tools (e.g., enterprise vulnerability management platforms).
- Awareness of current cybersecurity threats and attack techniques, with the ability to adapt to evolving risk environments.
- Ability to investigate and report security threats using data from multiple sources and apply threat hunting techniques based on available intelligence.
- Experience conducting host- or network-based digital forensic analysis and identifying abnormal behavior across systems or endpoints.
- Strong analytical and problem-solving abilities with sound judgment under pressure.
- Excellent written and verbal communication skills, including the ability to explain technical concepts to non-technical stakeholders.
- Ability to work independently with minimal supervision.
- Demonstrated attention to detail and disciplined incident handling practices.
- Customer-focused mindset with a commitment to service quality and professionalism.
- Willingness to work in a shift-based schedule supporting global operations.
- Relevant industry certifications (e.g., information security or incident handling certifications) are advantageous but not required.
Reporting Line
Reports to: Security Operations Manager
Employment Type
Full-time role within a centralized services environment.
Career Level
Specialist-level position focused on incident response and security operations.