Incident Response Engineer

As a valued member of the ETMSA team at [Company], you will play a pivotal role in handling cybersecurity threats and incidents across their entire lifecycle. This includes preparing for incidents, identifying and containing them, eradicating threats, facilitating recovery, and conducting post-incident reviews. You will collaborate closely with a diverse team of incident responders worldwide.

Your responsibilities will involve utilizing your expertise in cyber defense, digital forensics, log analysis, and intrusion analysis to address security incidents affecting our endpoints, network, and cloud infrastructure. Your primary focus will be on implementing prevention, detection, response, and remediation measures, utilizing technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), and Data Loss Prevention (DLP), among others.

Furthermore, you will demonstrate exceptional collaboration and communication skills to work effectively with stakeholders in multicultural and global settings.

Key Responsibilities

• Collaborate with the Director throughout all stages of the incident response lifecycle.
• Contribute to various incident prevention projects to enhance the overall security posture.

Preparation:

• Understand various regulatory and compliance requirements related to incident reporting timelines and escalation procedures.
• Participate in self-assessment exercises, such as Tabletop Exercises and Attack Simulations, to ensure operational effectiveness.
• Develop incident response documentation aligned with regulatory guidelines.
• Assess the readiness of incident response processes across people, procedures, and technologies.

Detection & Analysis:

• Respond to cybersecurity incidents escalated from different sources including the 24/7 SOC team.
• Manage cybersecurity incidents in compliance with local regulations.
• Evaluate the risks, impact, and scope of security threats.
• Conduct detailed incident analysis leveraging various data sources.

Containment, Eradication, and Recovery:

• Provide guidance to stakeholders to contain and eliminate security threats.
• Take part in root cause analysis using forensic tools to identify sources of compromise.
• Document and present investigative findings, especially for high-profile incidents.

Post-Incident Activities:

• Conduct post-incident reviews with stakeholders.
• Oversee follow-up actions and document incidents in the management system.

Requirements

• Minimum 5 years of experience in the Cyber Security field.
• Proficient in technical and analytical skills.
• Knowledgeable about cybersecurity incident response processes.
• Familiarity with AI tools for automating security tasks.
• Hands-on experience in incident response activities.
• Strong scripting abilities in Bash, PowerShell, Python, Go, etc.
• Experience with cybersecurity tools like NGFW, EDR, IDS/IPS, SIEM, and others.
• Understanding of MITRE ATT&CK Framework and Cyber Kill Chain.
• Enthusiastic about exploring new technologies and enhancing team capabilities.
• Security certifications (e.g., AWS, CISSP, GCIH, etc.) are a plus.
• Familiarity with regulatory standards like GDPR, MAS, and PSD2 is advantageous.

Preferred

• A quick learner with a proactive attitude.
• Strong team player willing to collaborate effectively.
• Eager to learn and willing to invest extra effort.
• Demonstrate ownership, accountability, and urgency in managing incidents.
• Capable of handling senior stakeholders and incident management with confidence.
• Possess a blend of technical and business acumen for making critical decisions.

Note: AI tools may be utilized to assess your application against job requirements to support recruitment review processes. These tools enhance but do not replace human judgment in hiring decisions. For more information on data processing, feel free to reach out.