Cyber Security Incident Response – Senior Associate

The Role

The Cyber Security Incident Response Senior Associate will play a key role in managing and responding to security incidents within WTW’s Cyber Security Incident Response Team. Responsibilities of this role will include:

• Serve as the primary lead for significant security incidents, coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution.
• Establish, refine, and maintain incident response processes, playbooks, and workflows to align with industry best practices and WTW’s organizational needs.
• Act as the central point of contact for incident response activities, ensuring effective communication with internal and external stakeholders, including senior leadership, Legal, HR, and Compliance teams.
• Lead the in-depth technical investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery while identifying root causes and potential impact
• Work closely with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents.
• Lead root cause analysis and post-incident reviews to identify gaps, implement lessons learned, and enhance the overall incident response program.
• Provide mentorship and guidance to junior analysts and conduct tabletop exercises to improve team preparedness.
• Stay informed about emerging threats, attack trends, and evolving threat actor tactics, techniques, and procedures (TTPs) to ensure proactive Defense.
• Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes.
• Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
• Assist in developing and fine-tuning automation scripts and workflows to enhance incident detection and response efficiency.
• Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
• Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.
• Maintain up-to-date records of all incident handling activities in incident management systems, ensuring alignment with internal policies and audit requirements.

Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.

The Requirements

• Minimum 5 years of experience in incident response, with a strong understanding of cybersecurity principles, frameworks, and tools.
• Proficient in forensic analysis, malware analysis, and network traffic analysis. Experience with SIEM tools, EDR platforms, and threat intelligence integration is essential.
• Proven ability to lead high-stakes security incidents and coordinate cross-functional teams effectively.
• Deep understanding of MITRE ATT&CK, cyber kill chain, and incident response methodologies.
• Exceptional verbal and written communication skills, with the ability to convey complex technical concepts to non-technical audiences, including executives.
• Industry certifications such as CISSP, GCIH, GCFA, or CISM are highly preferred.
• Experience with platforms like Sentinel, Splunk, Carbon Black, or similar technologies.
• A proactive and decisive mindset with the ability to operate under pressure.
• Strong analytical and problem-solving skills to make informed decisions in complex situations.
• Collaborative and adaptable, with a passion for mentoring and developing team members.

Compensation and Benefits 

Base salary range and benefits information for this position are being included in accordance with requirements of various state/local pay transparency legislation. Please note that salaries may vary for different individuals in the same role based on several factors, including but not limited to location of the role, individual competencies, education/professional certifications, qualifications/experience, performance in the role and potential for revenue generation (Producer roles only).

Compensation

The base salary compensation range being offered for this role is $150,000-$250,000.00 USD annually. This role is also eligible for an annual short-term incentive bonus.

Company Benefits 

WTW provides a competitive benefit package which includes the following (eligibility requirements apply):

• Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Group Accident, Group Critical Illness, Life Insurance, AD&D, Group Legal, Identify Theft Protection, Wellbeing Program and Work/Life Resources (including Employee Assistance Program)
• Leave Benefits: Paid Holidays, Annual Paid Time Off (includes state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave), Paid Time Off (only included for Washington roles)
• Retirement Benefits: Qualified contributory pension plan (if eligible) and 401(k) plan with annual nonelective company contribution. Non-qualified retirement plans available to senior level colleagues who satisfy the plans’ eligibility requirements.

Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles County Fair Chance Ordinance for Employers, we will consider for employment qualified applicants with arrest and conviction records.

EOE, including disability/vets