Senior Information Security Analyst – Incident Response
Brazil
Full Time
2 weeks ago
Visa Sponsorship
Key skills
Linux, Python, Splunk, Bash, PowerShell
About this role
Role Overview
Incident Management: Lead the technical response to complex security incidents (ransomware, APTs, insider threats), from detection through to lessons learned (post-mortem).
Threat Hunting: Conduct proactive threat hunting across the network and endpoints based on hypotheses informed by threat intelligence.
Digital Forensics: Collect and analyze digital artifacts (memory, disk, logs) to reconstruct the attack timeline.
Detection Engineering: Create and optimize correlation rules in the SIEM and detection signatures (YARA, Snort/Suricata).
Automation (SOAR): Develop playbooks and scripts (Python/PowerShell) to automate response to repetitive alerts.
Mentorship: Support the technical development of junior and mid-level analysts (Tier 1/2).
Requirements
Solid Experience: Proven hands-on experience on a Blue Team, SOC, or CSIRT (typically 3+ years).
Frameworks: Strong command of NIST CSF and, especially, MITRE ATT&CK for mapping TTPs (tactics, techniques, and procedures).
Operating Systems: Deep knowledge of Windows internals (Event Logs, Registry, Prefetch) and Linux (logs, kernel, bash).
Defensive Tools: Hands-on experience with SIEM tools (Splunk, Elastic, Sentinel, or QRadar) and EDR/XDR (CrowdStrike, SentinelOne, Defender).
Networking: Ability to perform deep analysis of network traffic (PCAP) with Wireshark or Zeek.
Tech Stack
Linux
Python
Splunk
Benefits
We believe talented professionals are everywhere; therefore our positions are open to all, regardless of race, age, gender, sexual orientation, gender identity, and/or disability.