
Cybersecurity Analyst – Incident Response

Location: Markham

Job Description:

We are seeking an experienced Cybersecurity Incident Responder to join our cybersecurity operations team. The ideal candidate will be capable of managing incidents at a Tier 3 level and conducting investigations using advanced incident response tools. This role will also contribute to internal fraud and financial crime investigations where a cyber component is present. The position includes participation in an on-call rotation to ensure a prompt response to mitigate impact in a 24/7 environment.

Key Responsibilities:

  • Take full ownership of cybersecurity incident response activities and produce summary reports for management and internal stakeholders.
  • Analyse escalated alerts from managed security service providers to assess impact, determine appropriate containment and remediation strategies, and ensure thorough recovery.
  • Continuously enhance the effectiveness of incident response tools such as EDR, SIEM, and SOAR by optimizing configurations and alert rules.
  • Conduct in-depth technical investigations of cybersecurity incidents, including root cause analysis, threat vectors, and adversary tactics and techniques.
  • Respond swiftly and diligently during shifts and while on-call to address cybersecurity alerts and time-sensitive incidents.
  • Collaborate with internal departments, including Information Security, Privacy, and Fraud Investigation teams, on cyber-related cases.
  • Stay current and adaptive in a fast-paced and evolving threat environment.

Qualifications:

  • Minimum 2 years of direct experience in cybersecurity incident response, preferably in a financial service or similarly regulated environment.

  • Strong understanding of:
      • Incident response procedures and techniques
      • Network protocols and communication principles
      • Common vulnerabilities and remediation approaches
  • Experience analysing cybersecurity alerts and selecting appropriate containment/remediation actions based on business impact.
  • Skilled in investigating incident root causes, including threat vectors and attacker methodologies (TTPs).
  • Proven ability to work collaboratively with internal and external stakeholders across functions.
  • Strong communication and documentation skills; able to clearly explain technical issues and findings to diverse audiences.

Experience or familiarity with any of the following areas is considered an asset:

  • Threat hunting
  • Threat intelligence
  • Digital forensics

Education & Certifications:

  • A degree in Computer Science, Computer Engineering, or a related field is an asset.
  • Recognized certifications in cybersecurity incident response or related domains (e.g., CISSP, OSCP, CIH, CHFI, GCFA, GCIH) are preferred or actively being pursued.
  • Experience or knowledge of the insurance industry is considered a plus.