Lead, Cybersecurity Incident Response

Job Description

Assistant Manager -Incident Response and Threat Hunting is responsible for leading the detection, investigation, and mitigation of cybersecurity incidents. This role involves proactive threat hunting, forensic analysis, and developing response strategies to minimize risks and impact on an organization's IT infrastructure. The specialist also collaborates with cross-functional teams to improve security posture and ensure compliance with industry standards.

The candidate will report to Head of Incident Response Team, and he / she will plan and oversee the performance of security response to security incidents in an IT environment. He / She will present cyber-incident reports to senior leaders. The candidate will identify and define cyber threats and its root cause

Key Responsiblities

Lead the response to cybersecurity incidents, including malware infections, data breaches, and insider threats.

Perform real-time and retrospective analysis of security events to identify threats

Coordinate with MSSP Security Operations Centre (SOC) teams for monitoring and alerting.

Develop and document incident response plans and playbooks.

Should be expertise on handling the incidents end to end.

Conduct proactive threat hunting to identify unknown threats.

Perform digital forensic analysis on compromised systems to determine root causes.

Use forensic tools to collect and analyse logs, memory dumps, and disk images.

Work with SIEM (Security Information and Event Management) tools to detect anomalous behaviour.

Analyse logs from firewalls, intrusion detection / prevention systems (IDS / IPS), endpoint protection, and cloud security tools.

Improve detection capabilities by tuning security alerts and developing new rules.

Recommend and implement security controls to reduce exposure.

Provide technical leadership to junior incident responders and security analysts

Skills and Qualifications

Technical Skills

• Strong expertise in incident response, threat hunting, and forensic analysis.
• Experience with SIEM tools (e.g., Elastic, Splunk).
• Proficiency in network security, malware analysis, and log analysis.
• Familiarity with cloud security (AWS, Azure, GCP) and container security.
• Experience with cloud security tools and AI-powered security analytics (AWS Guard Duty, Azure Sentinel, Google Chronicle).
• Familiarity with AI / ML-driven anomaly detection and behavioural analysis techniques.
• Knowledge of security solutions ( EDR,XDR,NDR,WAF,Proxy,Firewall,Email Security).
• Scripting and automation skills (Python, PowerShell, Bash).
• Deep understanding of MITRE ATT&CK framework, cyber kill chain, and machine learning models for cybersecurity applications.
• Excellent communication and report-writing skills and ability to work under pressure scenarios