Senior Incident Response Handler

Telenor Cyberdefence AS is a wholly owned, newly started Nordic cyber security company in the Telenor Group. Telenor Cyberdefence AS' ambition is to become a leading MSSP (Managed Security Services Provider) in the Nordic market, among other things by using Telenor's unique access to threat intelligence to support our services. In addition to delivering modern managed security services, Telenor Cyberdefence AS will also offer specialist expertise through consultancy services and testing of infrastructure / applications with our Offensive Security team.     

Join our growing IR Team at Telenor Cyberdefence as a Senior Incident Response Handler

At Telenor Cyberdefence, our strength lays not just in our technology, but in the people who lead the response when cyber threats strike. We are now looking to strengthen our Incident Response capability with a Senior Incident Response Handler – someone who thrives in high-pressure situations, is technically sharp, and cares deeply about quality, collaboration, and customer trust.

You will be joining a dedicated IR team embedded in one of Norway’s most specialized security environments for cloud-based security services. While your focus will be on Incident Response, you’ll work closely with our 24/7 SOC, Detection and Threat Intelligence teams to deliver high-quality response services to a wide range of customers across critical sectors.

This role is ideal for someone who wants to take a lead in investigations, coordinate response efforts, contribute to detection quality, and mentor others – and who’s not afraid to roll up their sleeves during complex cases or high-stake incidents.

Key Responsibilities

• Lead or support incident response investigations involving advanced threats, including malware, ransomware, insider activity, and cloud compromise

• Analyze complex cases escalated from Tier 1/2 analysts, perform root cause analysis, and deliver actionable recommendations

• Participate in 24/7 on-call rotation and provide leadership during high-priority cases requiring urgent containment and coordination

• Interface directly with customers during active incidents and proactive engagements, serving as a trusted IR lead

• Contribute to development of IR playbooks, response procedures, threat actor tracking, and forensic readiness

• Mentor and support junior analysts, conduct quality assurance on escalated cases, and foster a strong security culture

• Bridge IR and SOC by collaborating on detection tuning, telemetry validation, and post-incident feedback

• Take ownership of specific projects or internal initiatives related to IR capability development

We believe you bring the following:

• Solid experience from Security Operations, Incident Response, or similar field roles (typically 3–5+ years)

• Deep understanding of attacker techniques, IR methodology, and modern threat landscapes

• Strong investigation skills across endpoints, networks, logs, and identity systems

• Experience with or interest in Microsoft Defender XDR, Microsoft Sentinel, and forensic/SOAR tooling

• Proven ability to work in customer-facing scenarios with clarity, professionalism, and composure

• Good documentation habits and structured approach to coordination and reporting

• Experience guiding others, building team competence, or driving internal improvement work

• Sustaining relevant certifications (e.g. GCIH, GCFA, SC-200, AZ-500, BTL2) - but equivalent experience is just as valuable

We offer:

• A visible, strategic role in a high-growth security company focused on protecting critical Nordic infrastructure and enterprises

• The opportunity to shape and strengthen our national-level IR capability together with highly skilled colleagues

• A professional environment where learning, collaboration, and ownership are valued

• Flexibility to evolve the role based on your strengths – whether that’s technical depth, leadership, or customer strategy

• Opportunities for growth, certifications, and participation in community and industry initiatives

• Competitive compensation and a modern office at Telenor Fornebu or Grimstad

At Telenor Cyberdefence, we place strong emphasis on purpose, psychological safety, and continuous learning. 

If you’re passionate about helping customers when it matters most — and want to grow your impact in a trusted team — we’d love to hear from you. We evaluate applications continuously.