Cyber Security Incident Response - Principal Analyst
Lisboa, Lisboa, Portugal
WTW
WTW tarjoaa tietoon perustuvia, näkemyslähtöisiä ratkaisuja ihmisten, riskien ja pääoman alalla.About Us
WTW is a leading advisory, broking, and solutions company with a storied history dating back to 1828. From the Titanic in 1912 to supporting the Moon Buggy in 1971, we have a legacy of turning risk into growth opportunities.
Our Lisbon Regional Delivery Hub is at the heart of this innovation, with a vibrant team of 300+ professionals dedicated to excellence every day.
The Opportunity
We’re looking for a Cyber Security Incident Response Principal Analyst to join our Global Information and Cyber Security Defense (ICSD) function. This is a mid-senior-level role for highly experienced professionals with 5+ years of expertise in cybersecurity and incident response.
As a Principal Analyst, you will take charge of complex security incidents, refine incident response procedures, and collaborate across business and technical teams, including SOC, Threat Hunting, Cyber Threat Intelligence (CTI), and Insider Threat. You will also work beyond the technical domain, liaising with HR, Legal, Compliance, and other business units to ensure effective incident management and risk mitigation.
This global role offers an exciting variety of work, occasional international travel, and the opportunity to be part of a multi-disciplinary cybersecurity community within WTW.
What You’ll Do
As a Cyber Security Incident Response Principal Analyst, you will:
- Lead and coordinate responses to significant security incidents, minimizing impact and ensuring timely resolution.
- Establish, refine, and maintain incident response processes, playbooks, and workflows to align with industry best practices.
- Serve as the primary point of contact for incident response activities, ensuring seamless communication with senior leadership, Legal, HR, and Compliance teams.
- Conduct in-depth technical investigations of security incidents, ensuring effective containment, eradication, and recovery.
- Collaborate with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams to enhance incident response efficiency.
- Lead root cause analysis and post-incident reviews, identifying gaps and implementing improvements.
- Mentor junior analysts and conduct tabletop exercises to improve team preparedness.
- Stay ahead of emerging threats, attack trends, and evolving adversary tactics to ensure a proactive defense.
- Ensure compliance with regulations and prepare detailed reports for internal and external stakeholders.
- Evaluate and prioritize incidents based on potential impact, escalating as necessary.
- Assist in developing and optimizing automation scripts and workflows to improve response efficiency.
- Contribute to key performance indicators (KPIs) and metrics to measure and enhance incident response effectiveness.
- Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents.
- Maintain comprehensive records of all incident-handling activities to support audits and compliance.
What You’ll Bring
We’re looking for a cybersecurity professional with:
- 5+ years of experience in cybersecurity incident response.
- Advanced expertise in forensic analysis, malware analysis, and network traffic analysis.
- Strong knowledge of SIEM tools, EDR platforms, and threat intelligence integration.
- Proven ability to lead complex security incidents and coordinate cross-functional teams.
- Deep understanding of MITRE ATT&CK, cyber kill chain, and incident response methodologies.
- Exceptional communication skills, with the ability to present technical concepts to non-technical audiences, including executives.
- Industry certifications such as CISSP, GCIH, GCFA, or CISM are highly preferred.
- Experience with platforms like Sentinel, Splunk, Carbon Black, or similar technologies.
- A proactive, decisive mindset with strong problem-solving skills.
- A collaborative and adaptable approach, with a passion for mentoring and developing others.
Why WTW?
At WTW, we offer more than just a job—we offer a career. Here’s what you can expect:
- Work-Life Balance: Enjoy flexible working hours and hybrid working options to suit your lifestyle.
- Competitive Compensation: Benefit from an attractive, performance-related remuneration system.
- Global Exposure: Join an international consultancy with the security of a global corporation and renowned clients.
- Career Development: Experience a steep learning curve and ample opportunities for individual career growth through on-the-job learning and specialist training.
- Collaborative Culture: Work in a collegial, appreciative, and dynamic environment where decisions are made together.
- Impactful Work: Quickly take on responsibility and make an impact with direct customer contact.
- Community and Celebration: Participate in corporate events and celebrate our successes together.
Join Us!
Be part of a team that values innovation, excellence, and collaboration. At WTW, your career is more than just a job—it’s a journey. Apply now and turn your potential into success with WTW!
Willis Towers Watson is an equal opportunity employer.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits Automation Carbon Black CISM CISSP Compliance Cyber Kill Chain EDR GCFA GCIH Incident response KPIs Malware MITRE ATT&CK Sentinel SIEM SOC Splunk Threat intelligence Vulnerability management
Perks/benefits: Career development Competitive pay Flex hours Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.