
SOC IMR Analyst

About Capgemini

Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of 350,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast-evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2022 global revenues of €22 billion.

Role Description:

 

Our Cyber Defense Unit is expanding, and we are looking for a talented Security Analyst to join our Incident Management & Response (IMR) team. You will lead the lifecycle of major cybersecurity incidents, from identification through containment, eradication, and recovery, while coordinating with technical teams and executive stakeholders to ensure a timely and effective response.

 

Key Responsibilities:

  • Lead and coordinate end-to-end cybersecurity incident response activities, ensuring incidents are fully resolved and lessons learned are documented.
  • Manage escalations from L1 and L2 SOC analysts and CISO teams, including complex or specialist investigations.
  • Act as the primary point of contact for Group-level cyber incidents, collaborating closely with both analyst teams and executive stakeholders.
  • Deliver clear, concise status updates for stakeholders at all levels.
  • Prepare comprehensive incident reports tailored to both technical and non-technical audiences.
  • Interpret and present technical cybersecurity subjects to executives.
  • Conduct in-depth technical investigations using SIEM, HIPS/NIPS, EDR/AV, UEBA, and other monitoring tools.
  • Perform threat and vulnerability analysis and provide advisory services to CISO teams and internal stakeholders.
  • Provide oversight for specialized investigations such as digital forensics and investigative interviews, ensuring alignment with standards and legislation.
  • Define, improve, and support incident response processes, playbooks, and methodologies.
  • Contribute to audit support and maintain documentation.
  • Provide regular metrics, reports, and trend analysis across weekly and monthly cycles.
  • Analyze and improve the effectiveness of existing use cases.
  • Develop and deliver documentation, knowledge articles, and visual materials.
  • Support lessons learned sessions and contribute to improving the Cyber Defense Unit’s maturity.
  • Stay current on emerging threats, technologies, and regulatory changes.
  • You may participate in: user awareness campaigns, phishing simulations, vulnerability management, cyber-scenario exercises, and security assurance activities.

 

Experience & Qualifications:

  • 3+ years in Information Security or related fields.
  • Incident management certifications such as CCIM, GCIH.
  • Technical certifications such as GCFA, CHFI, CFCE.
  • Vendor certifications such as CrowdStrike Falcon Responder, Splunk Cybersecurity Defense Analyst, EnCE.
  • Experience with ITIL frameworks.
  • Technical background in computing, networks, or programming.
  • Familiarity with risk and control frameworks (e.g., NIST IR lifecycle, Cyber Kill Chain).
  • Industry-recognized certifications such as CISSP or CISM. 
  • Proven experience handling cybersecurity incidents and risk management.
  • Strong written and verbal communication skills in English.
  • Experience in digital forensics, threat hunting, or enterprise‑scale incident response.
  • Ability to manage multiple priorities in fast‑paced environments.
  • Hands-on experience with SOC monitoring and intrusion detection tools (e.g., CrowdStrike, Splunk ES, VirusTotal Enterprise).
  • Broad understanding of the cybersecurity threat landscape.
  • Solid grasp of IT and security methodologies and technologies.

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible. Join us and help the world’s leading organizations unlock the value of technology and build a more sustainable, more inclusive world.  

 

Get the future you want | www.capgemini.com 

Ref. code:  413452
Posted on:  Feb 18, 2026
Experience Level:  Experienced Professionals
Contract Type:  Permanent
Location:  Cairo, EG

Brand:  Capgemini
Professional Community:  Cybersecurity
