Role Overview:
The Cyber Security Incident Manager is responsible for leading the response to cyber security incidents, coordinating containment, eradication, and recovery efforts. This role involves developing and maintaining incident response procedures, managing stakeholder communication during and after incidents, and continuously improving the organization’s security posture through lessons learned and proactive planning.
Key Responsibilities:
- Lead and coordinate the end-to-end management of cyber security incidents, including detection, analysis, containment, eradication, and recovery.
- Serve as the primary point of contact during high-impact security events, coordinating with internal teams, executive stakeholders, and external partners.
- Develop, maintain, and test the Cyber Security Incident Response Plan (CSIRP).
- Oversee incident investigations and produce detailed post-incident reports and Root Cause Analyses (RCAs).
- Monitor cyber threat intelligence feeds and integrate threat insights into incident response activities.
- Collaborate with SOC, IT, legal, compliance, and business units to ensure effective communication and alignment during security events.
- Provide technical guidance on incident containment strategies and forensic investigation processes.
- Manage incident tracking tools and ensure accurate documentation of all incident-related activities.
- Support regulatory and audit requirements by providing evidence of incident response practices and improvements.
- Conduct periodic incident response exercises and tabletop simulations to improve organizational readiness.
- Maintain up-to-date knowledge of cyber threats, tactics, techniques, and procedures (TTPs).
Required Skills & Experience:
- Minimum 5 years of experience in cyber security, with at least 2 years in incident response or SOC leadership.
- In-depth understanding of security frameworks (e.g., NIST, ISO 27035, MITRE ATT&CK).
- Strong knowledge of threat detection, malware analysis, forensic techniques, and log analysis tools.
- Experience with SIEM, EDR, and SOAR platforms (e.g., Splunk, Sentinel, CrowdStrike, Palo Alto Cortex).
- Familiarity with network and endpoint monitoring technologies.
- Proven ability to manage high-pressure situations with calm and clarity.
- Strong written and verbal communication skills, including the ability to present to executive leadership.
- Experience with cloud environments (Azure, AWS, GCP) and incident handling in hybrid infrastructures.
Preferred Certifications:
- GIAC Certified Incident Handler (GCIH)
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- SANS or equivalent incident response training
Education:
- Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or a related field (or equivalent practical experience).