Lead Security Specialist (Incident Response)

Scope:

• The successful applicant will have a demonstrable passion for security and willingness to progress within the role and support the Senior SOC Analysts with rule tuning, use case development, purple teaming, Investigation, threat hunting, DFIR, and cyber threat intelligence

What you will do:

• Create process and Palybooks for Threat Hunting.
• Proactively look for suspicious anomalous activity based on data alerts or data outputs from various toolsets.
• strong understanding of administrative tools and how adversaries may leverage them to live-off-the-land.
• familiar with adversary techniques and attack lifecycles. MITRE ATT&CK® matrix)
• Document remediation required based on input during incident handling or vulnerability identification.
• communicating actionable threat intelligence to both technical and non-Technical Teams
• Responsible for the validation and analysis of investigations within Security Operations Center (SOC) Analysts
• Responsible for completing the documentation of the investigation; determine the validity and priority of the activity and escalate to senior SOC analyst team
• Carry out Level 3 triage of incoming issues (initial assessing the priority of the event, initial determination of incident to determine risk and damage or appropriate routing of security or privacy data request)
• Provide communication and escalation throughout the incident per the SOC guidelines.
• Identify and manage a wide range of intelligence sources to provide a holistic view of the threat landscape and filter out noise to focus and execute upon actionable intelligence.
• Leading the development of actionable use cases to detect, triage, investigate and remediate based on latest threat actor trends, support teams with the technical implementation of parsing log sources creating, validating, and testing alerting queries to reduce false positives
• Ensure that all security events and incidents (internal / external) are logged into ServiceNow and regularly updated and closed within the set SLAs

What we are looking for:

• 7 to 10 years of total experience with 5+ yrs of experience in Incident Response, Security Operations (SOC), or Threat Intelligence.
• Strong knowledge of EDR, SIEM (Splunk, Microsoft Sentinel, or similar), SOAR, IDS/IPS, and forensic tools.
• Hands-on experience with malware analysis, digital forensics, and reverse engineering.
• Familiarity with frameworks like MITRE ATT&CK, NIST CSF, CIS Controls, and ISO 27001.
• Proficiency in log analysis, network security monitoring, and packet analysis (Wireshark, Zeek, etc.).
• Strong scripting skills in Python, PowerShell, or Bash for automation and threat hunting.
• Excellent communication skills to interact with stakeholders, executives, and technical teams.
• Security certifications such as GCFA, GCIH, CISM, CISSP, or CEH are preferred