About the role
Responsibilities:
- Monitor, assess, and triage security alerts and events from SIEM, EDR/XDR, email security, cloud security, and other monitoring platforms.
- Validate security incidents and determine severity, scope, and business impact.
- Conduct end-to-end investigations of cybersecurity incidents, including phishing, malware, ransomware, account compromise, insider threat, unauthorized access, data exfiltration, and cloud-related incidents.
- Document investigative findings, timelines, indicators of compromise (IOCs), and remediation recommendations.
- Contribute to use case development, threat hunting, and IOC enrichment where needed.
Required Skills:
- 3–5 years of cybersecurity experience, with at least 2–3 years in incident response, SOC, or cyber investigations.
- Strong understanding of the incident response lifecycle: preparation, identification, containment, eradication, recovery, and lessons learned.
- Hands-on experience with common incident categories such as phishing, malware, endpoint compromise, suspicious authentication activity, privilege misuse, and cloud security events.
- Hands-on experience with SIEM, EDR/XDR, and identity and cloud logs (Azure, GCP).
- Strong skills in log analysis, IOC identification, and root cause determination.
- Experience documenting incidents and producing actionable remediation guidance.
- Experience performing threat hunting using KQL or other query languages, and with SOAR/playbook automation.