Sr. Associate Manager - Threat Intelligence & DFIR Specialist

Role & responsibilities

Incident Management:

• Lead the end-to-end incident response lifecycle, including detection, analysis, containment, eradication, and recovery.

Threat Investigation:

• Analyze and investigate a variety of attack vectors, such as:

• Identity attacks include credential

   abuse, privilege escalation, and MFA bypass.

• Web Attacks:

   SQL injection, cross-site scripting (XSS), remote code execution.

• Network Attacks:

   DDoS, lateral movement, traffic manipulation.

• Cloud Threats:

   IAM misconfigurations, exposed services, container security vulnerabilities.

Collaboration & Coordination:

• Work closely with SOC analysts, threat intelligence teams, forensics, and engineering groups during and after security incidents.

Root Cause Analysis:

• Conduct comprehensive investigations to determine the root cause of incidents and provide actionable remediation recommendations.

Process Improvement & Documentation:

• Document all incident response procedures and lessons learned. Contribute to the continuous improvement of our detection and response capabilities.

Proactive Security Measures:

• Participate in threat hunting and purple team exercises to enhance overall security preparedness.

Preferred candidate profile

• A minimum of 5 years of hands-on experience in cybersecurity incident response or security operations.
• Proven expertise in investigating and mitigating incidents across one or more areas: identity, web, network, or cloud.
• Proficiency with SIEM, EDR, and SOAR tools (e.g., Splunk, Sentinel, CrowdStrike).
• Experience in hybrid or cloud-first environments (AWS, Azure, or GCP).
• Strong understanding of frameworks and methodologies such as MITRE ATT&CK, the cyber kill chain, and threat modeling.
• Excellent written and verbal communication skills, with the ability to document and convey technical details clearly to both technical and non-technical stakeholders.