Security Incident Responder

Why we're hiring:

The Security Incident Responder is responsible for detecting, analyzing, and responding to cybersecurity incidents in real time. This role ensures rapid containment, eradication, and recovery from security breaches while maintaining compliance and minimizing business impact. The responder will work closely with SOC analysts, engineering teams, and cross-functional stakeholders to execute incident response playbooks and continuously improve organizational resilience.

What you'll be doing:

 

Incident Detection & Analysis

• Monitor SIEM, SOAR, and EDR platforms for alerts and anomalies.
• Investigate and analyze security incidents to determine scope, impact, and root cause.
• Perform forensic analysis and evidence collection in line with legal and compliance standards.

Incident Response Execution

• Execute containment, eradication, and recovery steps as per incident response playbooks.
• Collaborate with IT, Legal, and Risk teams during major incidents.
• Document all actions taken during incident handling for compliance and audit purposes.

Continuous Improvement

• Participate in post-incident reviews and root cause analysis (RCA).
•  Recommend improvements to detection and response processes based on lessons learned.
• Assist in updating and maintaining incident response procedures and playbooks.

Strategic Alignment to GCAT SOC10x

• 10X People: Enhance team capability through knowledge sharing and training.
• 10X Process: Embed automation-first workflows for incident response.
• 10X Technology: Utilize AI/ML-driven analytics for rapid threat identification.
• 10X Visibility: Ensure telemetry coverage across hybrid environments.
• 10X Speed: Reduce MTTD and MTTR through orchestration and automation

 

What you'll need:

 

Technical Expertise

• Strong knowledge of SIEM, SOAR, EDR, and forensic tools.
• Familiarity with incident response frameworks (NIST, ISO27035).
• Proficiency in scripting and automation (Python, PowerShell).
• Understandin