Incident Response Analyst - Defensive Operations

About the Role:

The Incident Response Defensive Operations (IRDO) team is seeking a detail-oriented, proactive Analyst to help drive strategic improvements to our Cybersecurity Incident Response program. This role is designed for someone who thrives at the intersection of operations, project management, and technical problem-solving.

You’ll work alongside Incident Response analysts and engineers to identify pain points in existing workflows, close capability gaps, and manage high-impact projects that enhance the efficiency, effectiveness, and overall analyst experience of the Cybersecurity IR team. You’ll also serve as a key liaison with our Threat Detection and Engineering (TIDE) team, ensuring smooth collaboration on detection engineering, automation, and improvements to our IR tooling.

As part of this role, you'll also contribute to the CSIRT Attack Surface Management program - an initiative focused on evaluating and improving the organisation’s ability to detect and respond to threats across critical domains including email, applications, networks, and endpoints.

What You'll Do:

• Analyse incident response workflows to identify inefficiencies and friction points; propose and implement improvements.

• Investigate operational and technical capability gaps - such as containment or access limitations and coordinate efforts to close them.

• Lead and support cross-functional projects aimed at improving IR tooling, processes, and analyst experience.

• Build or coordinate the development of workflow automations that reduce manual overhead and streamline response processes.

• Contribute to the CSIRT Attack Surface Management program by assessing detection coverage, visibility, and response readiness across key attack surfaces.

• Serve as the intermediary between the IR team and TIDE, translating analyst needs into actionable engineering requirements and helping prioritize improvements.

• Maintain visibility on evolving IR needs and ensure proactive delivery of scalable, reliable operational enhancements.

What You'll Need:

Education & Experience:

• Bachelor's Degree (or equivalent experience) in a computer-related field

• 3-5 years of experience in cybersecurity operations, incident response, or a similar domain (or equivalent combination of education and experience).

• Hands-on experience with workflow automation - such as building automation playbooks, creating scripts, or leveraging tools like TINES, AWS Lambda, or SOAR platforms.

Technical Expertise:

• Experience with ServiceNow, Jira, or similar workflow/ticketing tools

• Strong IT background (networking fundamentals, systems) and expertise with OSX

• Strong analytical and problem-solving skills with a passion for operational efficiency.

• Experience with project management or process improvement in a technical environment.

• Excellent communication and interpersonal skills; ability to interface with both technical and non-technical stakeholders.

• Familiarity with cybersecurity technologies and concepts, particularly incident response, containment, and automation.

Analytical & Communication Skills:

• Effective communication skills in English (verbal and written)

• Ability to maintain strict confidentiality and operate independently in high-pressure situations

Preferred Skills & Attributes:

• Scripting knowledge (e.g., Python, Perl, Bash, PowerShell)

• Familiarity with Splunk or other advanced SIEM platforms

• Experience with host and network forensics

• Background in malware analysis

• Familiarity with agile project management and compliance frameworks

• Technical security certifications or advanced academic credentials

#LI-GT1