Incident Response Analyst

Tasks

• Analyze MDM policy violations
• Analyze anomalous traffic for web attacks
• Analyze logs from operating systems networks and applications
• Analyze policy violations and collaborate on findings
• Build detection logic
• Classify and prioritize incidents
• Collect forensic artifacts and reconstruct timelines
• Conduct incident investigations
• Create dashboards
• Develop detection rules and correlation rules
• Fine-tune WAF rules
• Integrate and normalize log sources in SIEM
• Investigate data leaks with DLP
• Investigate security incidents
• Monitor and triage SIEM alerts
• Participate in incident post mortems and recommend improvements
• Perform network traffic analysis
• Perform root cause analysis
• Reduce MTTR with automation and runbooks
• Reduce response time

Perks/Benefits

• Continuous professional development support
• Corporate coaching
• Family days
• Flexible start time
• Internal workshops and events
• Ongoing training
• Paid vacation days
• Psychologist support
• Team-building activities
• Trips and corporate events

Skills/Tech-stack

AWS CloudTrail | Audit Logs | Automation | Bash | Cause analysis | CrowdStrike | DLP | EDR | EDR XDR Threat Detection | EDR/XDR | Elasticsearch | GCP Audit Logs | GCP audit | Graylog | Incident Response | Linux | Linux forensics | Log Analysis | MDM | MTTR | MacOS | Mitre Attack | Network Protocols | OpenSearch | Playbooks | Python | Root Cause Analysis | Root cause | SIEM | SOAR | Security APIs | Security operations | SentinelOne | Splunk | Threat detection | Traffic analysis | WAF | Windows | Windows forensics | Wireshark | XDR | Zeek