Role:
- Lead and coordinate the global response to cybersecurity incidents, acting as the primary incident commander during high-severity events.
- Develop and maintain incident response playbooks, escalation procedures, and communication protocols.
- Collaborate with SOC analysts, threat hunters, and detection engineers to enhance detection and response capabilities.
- Conduct root cause analysis and post-incident reviews, ensuring lessons learned are documented and integrated into future response strategies.
- Drive forensic investigations by collecting, preserving, and analyzing digital evidence in accordance with legal and regulatory standards.
- 6–8 years of experience in Security Operations, including at least 2 years in a dedicated forensics or incident response leadership role.
Technical Skills:
- Deep understanding of network protocols, security technologies, and threat intelligence concepts.
- Proficiency in forensic tools (e.g., EnCase, FTK, The Sleuth Kit), malware analysis tools (e.g., IDA Pro, OllyDbg), and scripting (e.g., Python, PowerShell, KQL).
- Experience with SIEM, SOAR, EDR, and threat intelligence platforms.
- Ability to conduct forensic analysis across Windows, macOS, Linux, and mobile environments.