Monitor and respond to cybersecurity alerts generated from SIEM provider dashboards and security monitoring platforms.
Investigate, remediate, and document security incidents reported through automated alerts, tickets, emails, phone calls, or external SOC notifications.
Act as the primary investigator for potential security incidents identified by SOC analysts or monitoring tools.
Follow documented incident response playbooks while exercising sound judgment to contain and remediate threats.
Investigate phishing emails, user-reported security concerns, and potential attempts at fraud or financial loss.
Review authentication, endpoint, network, and application activity for anomalous or malicious behavior.
Analyze firewall logs, IDS alerts, intrusion prevention activity, anti-malware events, server logs, and application logs.
Monitor intrusion detection systems for indicators of compromise or suspicious activity.
Correlate data across SIEM, IDS, endpoint, and firewall platforms to support incident investigations.
Perform log reviews using standardized incident response and log review templates.

Minimum of three years of experience directly related to incident response, security monitoring, or cybersecurity operations.
Hands-on experience with SIEM platforms, incident response tooling, and alert monitoring solutions.
Experience with firewall technologies, network security concepts, and endpoint protection platforms.
Experience performing log analysis and incident investigations across multiple data sources.
Exposure to Linux operating systems preferred.
Working knowledge of SIEM and security monitoring platforms
Firewalls, TCP/IP networking, LAN/WAN infrastructure
Endpoint protection and anti-malware solutions
IDS/HIDS platforms
Microsoft 365 security tools
Ability to relay technical information to both technical and non-technical personnel.
Ability to write technical documentation.

Technical Incident Response Analyst

Key skills