Manage the entire incident lifecycle, including identification, analysis, containment, eradication, recovery, and post‑incident tasks, ensuring a rapid and effective response to security events
Operate, refine, and maintain incident response playbooks and runbooks while helping to improve the CSIRT’s internal toolset for greater operational efficiency and effectiveness
Triage and investigate security alerts originating from SIEM and EDR platforms, driving rapid containment actions and supporting thorough remediation efforts to mitigate risks
Conduct and support forensic investigations across systems, networks, memory, and disk, while analyzing attacker techniques, persistence mechanisms, and data exfiltration paths to uncover the full scope of incidents
Coordinate all incident response activities, working closely and collaboratively with internal teams such as IT operations
Leverage scripting and prog...