We are seeking an experienced Cybersecurity Incident Response Analyst with 5 years of hands-on expertise in managing complex security incidents. In this role you will be responsible for detecting, analyzing, and responding to threats across various domains, including identity, web, network, and cloud environments. The ideal candidate will demonstrate a strong threat-hunting mindset, excellent analytical skills, and the ability to thrive under pressure while collaborating effectively with cross-functional teams.
Key Responsibilities
Incident Management:
- Lead the end-to-end incident response lifecycle, including detection, analysis, containment, eradication, and recovery.
Threat Investigation:
- Analyze and investigate a variety of attack vectors, such as:
  - Identity Attacks: credential abuse, privilege escalation, MFA bypass.
  - Web Attacks: SQL injection, cross-site scripting (XSS), remote code execution.
  - Network Attacks: DDoS, lateral movement, traffic manipulation.
  - Cloud Threats: IAM misconfigurations, exposed services, container security vulnerabilities.
Collaboration & Coordination:
- Work closely with SOC analysts, threat intelligence teams, forensics, and engineering groups during and after security incidents.
Root Cause Analysis:
- Conduct comprehensive investigations to determine the root cause of incidents and provide actionable remediation recommendations.
Process Improvement & Documentation:
- Document all incident response procedures and lessons learned. Contribute to the continuous improvement of our detection and response capabilities.
Proactive Security Measures:
- Participate in threat hunting and purple team exercises to enhance overall security preparedness.
Qualifications:
Required Skills & Qualifications
- A minimum of 5 years of hands-on experience in cybersecurity incident response or security operations.
- Proven expertise in investigating and mitigating incidents across one or more areas: identity, web, network, or cloud.
- Proficiency with SIEM, EDR, and SOAR tools (e.g. Splunk, Sentinel, CrowdStrike).
- Experience in hybrid or cloud-first environments (AWS, Azure, or GCP).
- Strong understanding of frameworks and methodologies such as MITRE ATT&CK, the cyber kill chain, and threat modeling.
- Excellent written and verbal communication skills with the ability to document and convey technical details clearly to both technical and non-technical stakeholders.
Preferred Qualifications
- Industry certifications such as GCIH, GCFA, GNFA, GCIA, or relevant cloud security certifications (AWS, Azure, or GCP).
- Experience with scripting or automation (e.g. Python, PowerShell, Bash).
- Exposure to advanced threat hunting and threat intelligence practices.
Additional Information:
All your information will be kept confidential according to EEO guidelines.
Remote Work: No
Employment Type: Full-time