Cyber Security Incident Response - Senior Analyst

The Cyber Security Incident Response Senior Analyst will play a critical role in WTW’s Cyber Security Incident Response Team (CSIRT), supporting the response to security incidents and contributing to the improvement of WTW’s incident management capabilities. This is a hands-on technical role designed for professionals with at least 3 years of experience in security incident response and cybersecurity.

As a key part of WTW’s Cyber Defense strategy, the Senior Analyst will work closely with SOC, Threat Hunting, Cyber Threat Intelligence (CTI), and Insider Threat teams. The role requires strong technical skills and the ability to investigate and manage security incidents effectively. The successful candidate will help refine processes, document incidents, and engage with cross-functional teams to mitigate security risks.

The individual will work as part of a global, multi-disciplined security community with strong support across the business, contributing to fostering a security-aware culture while ensuring WTW remains a great place to work. With WTW’s large global footprint, this role offers a fascinating range of work, and occasional global travel may be required.

The Role

The Cyber Security Incident Response Senior Analyst will play a key role in managing and responding to security incidents within WTW’s Cyber Security Incident Response Team. Responsibilities of this role will include:

• Support the investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery.
• Collaborate in the development and refinement of incident response processes, playbooks, and workflows to enhance efficiency and consistency.
• Perform initial analysis of security events, log data, and alerts to identify potential threats and determine the scope of incidents.
• Work closely with other Cyber Defense teams, including SOC, Threat Hunting, and CTI, to ensure seamless information sharing and coordination during incidents.
• Document incidents thoroughly and prepare post-incident reports, including root cause analysis and recommendations for improvement.
• Monitor emerging threats, vulnerabilities, and attack trends to enhance incident detection and response capabilities.
• Ensure all incident-handling activities comply with applicable regulations and internal policies.
• Participate in root cause analysis and post-incident review meetings to ensure lessons learned are applied to future incidents. 
• Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes.
• Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
• Assist in developing and fine-tuning automation scripts and workflows to enhance incident detection and response efficiency.
• Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
• Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.
• Maintain up-to-date records of all incident handling activities in incident management systems, ensuring alignment with internal policies and audit requirements

The Requirements

We are looking for a candidate for Cyber Security Incident Response who has the following:

• Minimum 3 years of experience in incident response, with a strong understanding of cybersecurity principles, frameworks, and tools.
• Proficient in forensic analysis, malware analysis, and network traffic analysis. Experience with SIEM tools, EDR platforms, and threat intelligence integration is essential.
• Proven ability to deal with high-stakes security incidents and coordinate cross-functional teams effectively.
• Good understanding of MITRE ATT&CK, cyber kill chain, and incident response methodologies.
• Exceptional verbal and written communication skills, with the ability to convey complex technical concepts to non-technical audiences, including executives.
• Industry certifications such as CISSP, GCIH, GCFA, or CISM are good to have.
• Experience with platforms like Sentinel, Splunk, Carbon Black, or similar technologies.
• A proactive and decisive mindset with the ability to operate under pressure.
• Strong analytical and problem-solving skills to make informed decisions in complex situations.
• Collaborative and adaptable, with a passion for mentoring and developing team members.

WTW is an Equal Opportunity Employer