Cyber Security Incident Response Principal Analyst

Role:

The Cyber Security Incident Response Principal Analyst will play a key role in managing and responding to security incidents within WTWs Cyber Security Incident Response Team. Responsibilities of this role will include:

• Serve as the primary lead for significant security incidents coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution.
• Establish refine and maintain incident response processes playbooks and workflows to align with industry best practices and WTWs organizational needs.
• Act as the central point of contact for incident response activities ensuring effective communication with internal and external stakeholders including senior leadership Legal HR and Compliance teams.
• Lead the indepth technical investigation of security incidents escalated from the SOC ensuring timely containment eradication and recovery while identifying root causes and potential impact
• Work closely with SOC Threat Hunting CTI Insider Threat and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents.
• Lead root cause analysis and postincident reviews to identify gaps implement lessons learned and enhance the overall incident response program.
• Provide mentorship and guidance to junior analysts and conduct tabletop exercises to improve team preparedness.
• Stay informed about emerging threats attack trends and evolving threat actor tactics techniques and procedures (TTPs) to ensure proactive Defense.
• Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes.
• Evaluate and prioritize incidents based on potential impact and severity escalating issues to higher levels of management or other teams as required.
• Assist in developing and finetuning automation scripts and workflows to enhance incident detection and response efficiency.
• Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
• Act as a liaison between technical teams and business stakeholders ensuring clear communication during incidents and status updates.

Maintain uptodate records of all incident handling activities in incident management systems ensuring alignment with internal policies and audit requirements.

Requirement:

We are looking for a candidate forCyber Security Incident Response who has the following:

• Minimum 5 years of experience in incident response with a strong understanding of cybersecurity principles frameworks and tools.
• Proficient in forensic analysis malware analysis and network traffic analysis. Experience with SIEM tools EDR platforms and threat intelligence integration is essential.
• Proven ability to lead highstakes security incidents and coordinate crossfunctional teams effectively.
• Deep understanding of MITRE ATT&CK cyber kill chain and incident response methodologies.
• Exceptional verbal and written communication skills with the ability to convey complex technical concepts to nontechnical audiences including executives.
• Industry certifications such as CISSP GCIH GCFA or CISM are highly preferred.
• Experience with platforms like Sentinel Splunk Carbon Black or similar technologies.
• A proactive and decisive mindset with the ability to operate under pressure.
• Strong analytical and problemsolving skills to make informed decisions in complex situations.

Collaborative and adaptable with a passion for mentoring and developing team members