L2 Incident Response Analyst

Colombo - Sri Lanka

Monthly Salary: Not Disclosed

Posted on: 5 hours ago

Vacancies: 1 Vacancy

Job Summary

Key Responsibilities

Perform deep-dive analysis on escalated alerts: correlate logs (SIEM) network traffic endpoint (EDR) and threat intelligence
Confirm scope severity and root cause; classify based on NIST/ISO 27035 guidelines
Lead containment eradication and recovery steps (e.g. isolate endpoints revoke credentials)
Coordinate incident response war rooms and liaise with L1 L3 and business stakeholders
Conduct post-incident reviews; document timelines evidence and lessons learned
Recommend preventive controls and SOC improvements (playbook updates SIEM rule tuning)
Analyze Red Team findings incorporate into IR playbooks escalations and detection logic
Support tuning of SIEM (Sentinel preferred) EDR and alerting thresholds
Participate in cyber drills tabletop exercises and metrics review to enhance SOC maturity
Maintain incident tickets and generate comprehensive incident reports including timeline impact root cause and recommended mitigation

Person Specifications

35 years in security operations incident response or SOC Analyst roles
Bachelors degree in Cybersecurity Computer Science or related field
Certifications: GCIH GCFA GREM CEH preferred
Hands-on experience with SIEM tools (Microsoft Sentinel strongly preferred; Splunk QRadar)
Practical knowledge of EDR technologies threat intelligence platforms packet analysis and forensic tools
Experience working with Red Team or penetration test findings in strengthening SOC defenses
Solid understanding of incident response lifecycle threat actor tactics and detection frameworks like MITRE ATT&CK
Proficiency in log analysis endpoint forensics packet analysis (e.g. Wireshark) and IOC extraction
Familiarity with IR frameworks and compliance standards (NIST ISO 27035 GDPR/PDPA)
Strong communication skills; capable of leading incident discussions and coordinating with diverse teams

Nice to have

Scripting skills (Python PowerShell) for automation and data analysis
Threat hunting experience analyzing Red Team reports for SOC enhancements
Exposure to SOAR tools vulnerability management and cloud-native IR in Azure/AWS environments
ITIL ITSM or incident management experience

Key ResponsibilitiesPerform deep-dive analysis on escalated alerts: correlate logs (SIEM) network traffic endpoint (EDR) and threat intelligenceConfirm scope severity and root cause; classify based on NIST/ISO 27035 guidelinesLead containment eradication and recovery steps (e.g. isolate endpoints re...

Key Responsibilities

Perform deep-dive analysis on escalated alerts: correlate logs (SIEM) network traffic endpoint (EDR) and threat intelligence
Confirm scope severity and root cause; classify based on NIST/ISO 27035 guidelines
Lead containment eradication and recovery steps (e.g. isolate endpoints revoke credentials)
Coordinate incident response war rooms and liaise with L1 L3 and business stakeholders
Conduct post-incident reviews; document timelines evidence and lessons learned
Recommend preventive controls and SOC improvements (playbook updates SIEM rule tuning)
Analyze Red Team findings incorporate into IR playbooks escalations and detection logic
Support tuning of SIEM (Sentinel preferred) EDR and alerting thresholds
Participate in cyber drills tabletop exercises and metrics review to enhance SOC maturity
Maintain incident tickets and generate comprehensive incident reports including timeline impact root cause and recommended mitigation

Person Specifications

35 years in security operations incident response or SOC Analyst roles
Bachelors degree in Cybersecurity Computer Science or related field
Certifications: GCIH GCFA GREM CEH preferred
Hands-on experience with SIEM tools (Microsoft Sentinel strongly preferred; Splunk QRadar)
Practical knowledge of EDR technologies threat intelligence platforms packet analysis and forensic tools
Experience working with Red Team or penetration test findings in strengthening SOC defenses
Solid understanding of incident response lifecycle threat actor tactics and detection frameworks like MITRE ATT&CK
Proficiency in log analysis endpoint forensics packet analysis (e.g. Wireshark) and IOC extraction
Familiarity with IR frameworks and compliance standards (NIST ISO 27035 GDPR/PDPA)
Strong communication skills; capable of leading incident discussions and coordinating with diverse teams

Nice to have

Scripting skills (Python PowerShell) for automation and data analysis
Threat hunting experience analyzing Red Team reports for SOC enhancements
Exposure to SOAR tools vulnerability management and cloud-native IR in Azure/AWS environments
ITIL ITSM or incident management experience