Incident Responder - L3

Job Overview :

As an SQ1 Security Cyber Defense Incident Responder within the Global Cybersecurity Operations Center (CSOC), you will serve as a key technical expert responsible for managing and responding to advanced cyber threats, performing detailed investigations, and strengthening the customer’s overall security posture. This role blends hands-on technical expertise with mentoring responsibilities, focusing on effective threat detection, incident response, and the continuous enhancement of SOC capabilities.

Key Responsibilities :

• Lead investigations into escalated security incidents, providing detailed analysis, containment, and remediation strategies.
• Perform advanced malware analysis, reverse engineering, and develop custom detection signatures to enhance threat visibility.
• Integrate global threat intelligence into SOC operations to proactively identify and mitigate emerging attack techniques.
• Manage and optimize SIEM platforms (e.g., Wazuh, Elastic Search, Datadog, Splunk, QRadar, Microsoft Sentinel) for effective log correlation and alerting.
• Develop and maintain SOC use cases, playbooks, and runbooks to standardize and strengthen incident response processes.
• Mentor and guide junior analysts, fostering knowledge sharing and skill development within the SOC team.
• Stay up to date with the latest cybersecurity trends, threats, and technologies to continuously evolve detection and response strategies.

Required Skills / Technologies / Tools :

Experience :

Minimum of 10 years in IT, including at least 5 years in Cybersecurity and Incident Response roles.

Certifications :

Professional certifications such as

CISSP, CISM, GSEC, CEH , or other relevant security credentials.

Technical Expertise :

Strong understanding of

security protocols, cryptography, authentication, and authorization mechanisms .

Hands-on experience with

Incident Response ,

Threat Analysis , and

Malware Investigation .

Experience in

Antivirus (AV)

and

Endpoint Detection & Response (EDR)

technologies and tools.

Proficiency in

log analysis

across

firewalls, proxy servers, operating systems, databases , and

middleware —preferably via

SIEM platforms

(e.g., Wazuh, Splunk, QRadar, Microsoft Sentinel, Datadog, Elastic).

Analytical Skills :

Excellent problem-solving, analytical, and investigative abilities to identify and mitigate complex security incidents.

Tool Proficiency :

Demonstrated ability to use and manage various

security tools, platforms, and automation frameworks

to enhance detection and response capabilities

Automated Incident Response :

AI-driven systems can automatically prioritize alerts, correlate events, and even execute predefined response actions

Good to have Technologies / Tools

Certifications :

GCIH or CREST Incident response certifications , or other relevant security credentials.