Position: Lead Incident Response Analyst

Posted: 12-Jun-2025

Location:

Category: Cybersecurity

Remote Friendly: Remote

Work Type: Direct Hire

Reference

Salary Range

224943

Compensation: Competitive; Open to negotiation based on experience

Job Description

  • The Lead Incident Response Analyst is a subject matter expert that safeguards the organization’s digital assets by monitoring networks, systems, and applications for threats and vulnerabilities, while also serving as a mentor to junior team members.
  • You will leverage your expertise in threat detection, incident response, and remediation to lead complex investigations and enforce advanced security policies.
  • A key part of your role will involve guiding and training less experienced analysts, sharing best practices, and fostering a collaborative team environment.
  • You will collaborate with cross-functional IT teams, ensure compliance with regulatory and industry standards, and contribute to the ongoing development of the organization’s cybersecurity strategy.
  • This position combines technical leadership with a focus on team development, requiring strong communication skills, a proactive mindset, and a commitment to continuous improvement in security operations and team capabilities.

Essential Responsibilities
The responsibilities listed in this section are core to the position. Inability to perform these responsibilities with or without accommodation may result in disqualification from the position.
  • Lead Threat Monitoring and Analysis. Oversee the continuous monitoring of SIEM systems, IDS/IPS, and other tools, ensuring the detection of advanced threats while mentoring team members on best practices.
  • Develop and Execute Incident Response Strategies. Lead the response to high-severity incidents, including coordinating containment, eradication, recovery efforts, and conducting post-incident reviews to improve processes.
  • Drive Threat Hunting Initiatives. Design and execute advanced threat hunting campaigns, identifying and addressing sophisticated threats before they escalate into incidents.
  • Enhance SOC Processes and Workflows. Evaluate and optimize existing SOC procedures, playbooks, and workflows to increase efficiency, scalability, and effectiveness.
  • Implement and Refine Security Tools. Lead projects to deploy, configure, and fine-tune security technologies, ensuring they align with the organization’s threat landscape and operational requirements.
  • Act as a Technical Mentor. Provide leadership and guidance to junior and mid-level SOC analysts, fostering skill development and ensuring high standards across the team.
  • Collaborate on Strategic Security Improvements. Work with cross-functional teams to design and implement security measures that align with organizational goals, compliance requirements, and industry standards.
  • Lead Threat Intelligence Integration. Manage the collection, analysis, and application of threat intelligence to strengthen detection capabilities and proactively defend against emerging threats.
  • Drive initiatives to improve SOC operations, such as automating repetitive tasks, adopting new technologies, and contributing to the long-term cybersecurity strategy.

Education Requirements:
  • Bachelor’s Degree required.

Experience Requirements:
  • 5 or more years of experience in Cybersecurity Operations or a related IT role required.
  • Extensive experience using security monitoring tools such as SIEM platforms, IDS/IPS and EDR solutions to detect and analyze security events.

License/Certification/Registration Requirements:
  • Industry certifications in Cybersecurity, Incident Response, Forensics, Threat Hunting, etc., or IT security (e.g., Security+, CEH, CHFI) are desirable.

Knowledge/Skills/Abilities Required:
  • Subject matter expertise in the cyber threat landscape. Strong experience in analyzing emerging cyber threats, a deep understanding of threat intelligence feeds, and integrating threat data into security operations to enhance situational awareness and detection capabilities.
  • Subject matter expertise in handling security incidents, including triaging, investigating, and responding to alerts, identifying attack vectors, and implementing containment and remediation strategies.
  • Deep understanding of TCP/IP, DNS, HTTP/S, and other protocols; familiarity with network topologies, routing, and switching.
  • Strong experience with SIEM tools (e.g., Splunk, ArcSight), IDS/IPS, firewalls, antivirus, and endpoint detection and response (EDR) tools.
  • Deep knowledge of NIST, ISO 27001, MITRE ATT&CK, OWASP, and regulatory compliance (e.g., GDPR, HIPAA, PCI-DSS).
  • Customer service orientation and prior customer service experience.
  • Awareness of current threats, actors, tactics, techniques, and procedures (TTPs), and the ability to use threat intelligence tools.
  • Ability to analyze security incidents, identify root causes, and execute incident response plans, including log analysis and packet capture.
  • Effective communication with technical and non-technical stakeholders; ability to collaborate with cross-functional teams.

Talent Groups is an equal opportunity employer. Our goal is to promote an environment that helps our employees and clients appreciate the benefits that diversity provides.


Recruiter Name: Kristin Murphy

Recruiter Email:  Kristin.murphy@talentgroups.com
