Incident Response Engineer

As a valued member of the ETMSA team at a prominent organization, you will play a crucial role in responding to and managing cybersecurity threats and incidents across their lifecycle. This involves collaborating closely with a global team of incident responders. Your responsibilities will encompass Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned phases.

Your expertise in cyber defense, digital forensics, log analysis, and intrusion analysis will be utilized to address security incidents affecting our endpoints, network, and cloud infrastructure. Key responsibilities include prevention, detection, response, and remediation utilizing technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), and Data Loss Prevention (DLP), among others.

Effective collaboration and communication with diverse stakeholders in multicultural and global settings will also be part of your role.

Responsibilities:

• Act as a key point of contact, reporting to the Director, to guide all phases of the incident response lifecycle
• Contribute to various incident prevention projects aimed at enhancing security posture

Preparation:

• Understand and adhere to various regulatory and compliance requirements related to incident reporting and escalation
• Engage in self-assessment exercises like Tabletop Exercises, Attack Simulations, and Red/Purple Team exercises for seamless incident response processes
• Develop incident response runbooks, playbooks, and SOPs aligning with regulatory requirements
• Assess the readiness of different layers - people, processes, and technologies for incident response

Detection & Analysis:

• Respond to cybersecurity incidents escalated from different channels, including the 24/7 SOC team
• Manage cybersecurity incidents in compliance with local authority/regulatory requirements
• Evaluate risk, impact, and scope of identified security threats
• Conduct in-depth incident analysis by investigating security-related logs and contextualizing against known threats

Containment, Eradication, and Recovery:

• Collaborate with stakeholders, offer guidance, and make recommendations to contain and eliminate security incidents
• Contribute to root cause analysis using forensic tools to identify sources of compromise or malicious activity
• Document investigative findings for high-profile events and other significant incidents

Post-Incident Activities:

• Facilitate lessons learned sessions for stakeholders
• Oversee and track follow-up actions
• Document incidents in the case management system and generate incident reports

Demonstrate readiness to engage quickly in security incidents.

Requirements:

• Minimum of 5 years of experience in the Cyber Security industry
• Strong technical and analytical skills
• Proficiency in cyber security incident response processes
• Knowledge of AI tools for automating security tasks
• Hands-on experience in incident response
• Scripting experience (Bash, PowerShell, Python, Go) for incident response across multiple platforms
• Familiarity with cybersecurity tools and software like NGFW, EDR, IDS/IPS, SIEM, etc.
• Familiarity with MITRE ATT&CK Framework and/or Cyber Kill Chain
• Proactive in exploring new technologies and enhancing team capabilities
• Security-related certifications like Azure, AWS, CISSP, GCIH, GCIA, etc., are advantageous
• Understanding of regulatory and compliance requirements like GDPR, MAS, PSD2 is a plus

Preferably:

• Rapid learner with a proactive mindset
• Strong team player with a collaborative approach
• Eagerness to learn and willingness to go the extra mile
• Strong sense of ownership, accountability, and urgency
• Confidence in handling incidents and engaging with senior stakeholders
• Insight into business considerations alongside technical decisions.