Staff Incident Response Analyst

Added: 2 days ago
Type: Full time
Salary: Salary not provided

Related skills: AWS, GCP, SIEM, EDR, IAM

📋 Description

  • Lead L2 escalations and Sev2+ incidents; act as technical escalation point
  • Hands-on hunting in SIEM; pull host artifacts via EDR; trace IAM in cloud logs
  • Forensic timelines with chain-of-custody; collaborate across teams
  • Containment decisions: endpoint isolation, token revocation, network blocks
  • Lead cloud IR across AWS and GCP; IAM & CSPM context
  • Threat hunting and detection contribution; improve detections

🎯 Requirements

  • 6+ years hands-on incident response; at least 3 years at senior or staff level
  • Expert EDR proficiency (CrowdStrike Falcon, SentinelOne); remote triage and rule authorship
  • Deep AWS IR: CloudTrail forensics, IAM chain analysis, EC2/Lambda investigations
  • Strong Windows forensics: Prefetch, MFT, Shimcache, event logs, registry hives
  • Hands-on SIEM experience (Google Chronicle, Splunk, Microsoft Sentinel)
  • MITRE ATT&CK fluency and IdP forensics (Okta, Entra ID)