Sr. Incident Response Analyst
Culver, CA - USA
Job Summary
This role provides leadership and expertise in advanced cyber incident response, forensic investigations, and security operations automation. The position is responsible for investigating and coordinating responses to cybersecurity incidents, including malware infections, data exfiltration, denial-of-service attacks, insider threats, and other security breaches.
The role works closely with the Security Operations Center (SOC) to triage, investigate, and respond to security alerts, leveraging automation and orchestration to improve response speed and consistency. This individual collaborates with cross-functional teams across IT, network engineering, vulnerability management, and threat intelligence to identify root causes, implement remediation actions, and strengthen the organization's overall security posture.
Additionally, the role supports the development and continuous improvement of incident response processes, detection capabilities, and SOAR playbooks to enhance operational efficiency and reduce response times.
Responsibilities
- Develop, maintain, and improve enterprise incident response plans, procedures, and playbooks aligned with industry frameworks (NIST, MITRE ATT&CK, etc.).
- Lead and coordinate investigation and response activities for cybersecurity incidents, including malware, phishing, ransomware, insider threats, and data breaches.
- Work closely with the SOC to triage and investigate alerts, determine incident severity, and drive appropriate response actions.
- Design, develop, and maintain SOAR playbooks and automation workflows to streamline security operations and improve incident response efficiency.
- Conduct in-depth forensic investigations across endpoints, networks, cloud environments, and logs to determine the root cause, scope, and impact of incidents.
- Partner with threat intelligence teams to incorporate indicators of compromise (IOCs), threat actor tactics, techniques, and procedures (TTPs), and emerging threats into detection and response workflows.
- Collaborate with engineering, infrastructure, and application teams to implement remediation strategies and preventive controls that reduce future risk.
- Support detection engineering efforts by identifying gaps in security monitoring and helping develop improved alerting and detection capabilities.
- Assist with containment, eradication, and recovery activities following security incidents, ensuring systems and services are restored securely.
- Lead post-incident reviews and root cause analysis to identify lessons learned and drive improvements to detection, response processes, and security architecture.
- Produce clear incident reports and executive summaries for leadership and stakeholders, including recommended improvements.
- Act as a primary point of coordination with internal stakeholders, third-party partners, legal teams, and external agencies when required.
- Monitor emerging threats, vulnerabilities, and attacker techniques to proactively improve detection and response capabilities.
- Partner with vulnerability management and security engineering teams to proactively address security gaps identified during investigations.
- Continuously improve SOC and incident response operations through metrics, automation, and operational maturity initiatives.
Qualifications / preferred skills
- Experience with SIEM platforms (Splunk, Sentinel, QRadar, etc.)
- Experience with SOAR platforms (XSOAR, Tines, Swimlane, etc.)
- Endpoint detection and response (EDR/XDR) technologies
- Digital forensics and incident response (DFIR) methodologies
- MITRE ATT&CK framework familiarity
- Threat hunting and detection engineering experience
- Scripting or automation experience (Python, PowerShell, APIs)
Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.
SPE will consider qualified applicants with arrest or conviction records in accordance with applicable law.
Sony Pictures does not allow audio recording, video recording, or use of AI note-taking tools during interviews. Please be aware that these tools may be enabled by default and can be difficult to disable once the interview has started, so we recommend you check your device and disable these tools prior to the start of your interview. If recording or the use of these tools occurs during the interview and cannot be promptly turned off or disabled, the interviewer may end the interview.
To request an accommodation for purposes of participating in the hiring process you may contact us at
Required Experience:
Senior IC
About Company
The toga lady holds her torch high for film audiences everywhere by representing Columbia Pictures, the studio through which Sony Pictures Entertainment produces its big budget movies. The studio was founded in 1924, and in 1982 it was purchased by Coca-Cola. Sony purchased ...