Lead Information Security Analyst -Security Operations/Incident Management

What you'll do

• Alert triage - investigate EDR, Entra, Email & SIEM alerts to identify threats and anomalies
• Perform detailed technical investigation on security incidents, root cause analysis, recommend and mitigate incidents per security framework
• Create Incident Response processes, runbooks, SOPs, and ensure continuous documentation and reporting
• Provide security advisory, develop use cases, support deployment/integration and fine-tuning of security platforms with IT teams
• Collaborate with Corporate IT teams to strengthen security posture and reduce attack surface
• Utilize open-source threat intelligence to evaluate threats and analyze impact, deploy detection/remediation procedures
• Collaborate with technical and non-technical teams to achieve cybersecurity objectives
• Coordinate with stakeholders to understand infrastructure, products, and business processes to ensure adequate security controls
• Provide management with insights into threats, new detection methods, and lead team members to resolve complex security problems

Requirements

• 8-11 years of experience in Security Operations/Incident Management
• Self-motivated and self-governing individual with attention to detail
• Strong leadership skills in technical security issue ownership and resolution
• Ability to guide team members for optimal outcomes
• Ability to operate and decide in ambiguous situations
• Strong interpersonal skills and excellent communication
• Skills in correlating events, log analysis, networking basics, and cybersecurity fundamentals
• Knowledge of SOC frameworks such as MITRE ATT&CK, NIST, cyber kill chain
• Understanding of security tools like EDR, Email security, IPS/IDS, Firewall, and SIEM
• Hands-on experience with one or more security tools like McAfee EDR, FireEye, CrowdStrike EDR, Cortex XDR, Microsoft XDR
• Exposure to Cloud Security technologies (desirable)
• Exposure to securing AI technologies (desirable)
• Good customer service skills, curiosity to learn and adapt
• GIAC / CySA+ or equivalent certification preferred
• Open to learning new security concepts

Tech stack

Benefits