Staff Incident Response Analyst

18 hours, 32 minutes ago
Full-time
Lead
Cybersecurity
Alphasense

Alphasense

Alphasense is a global leader in providing high-quality gas sensors and air quality monitors to industrial OEMs. With over 25 years of experience, the company offers a wide range of innovative gas sensor technologies for various applications, including...

Industrial Conglomerates
51-250
Founded 1996

Description

  • Own escalations from L2 analysts across all severity levels and act as technical lead for Sev2 and higher incidents.
  • Scope incidents quickly by determining blast radius, affected assets, and attacker objectives from available telemetry.
  • Make and document containment decisions such as endpoint isolation, account suspension, token revocation, and network blocking.
  • Maintain forensically sound incident timelines with ordered evidence, source attribution, and chain-of-custody.
  • Communicate incident status and findings to the Security Operations Manager for upward briefing.
  • Drive incidents to documented closure, including root cause, attacker path, affected assets, and defensive gaps.
  • Perform deep endpoint triage and host forensics using EDR and Windows/Linux artifact analysis.
  • Lead AWS and GCP incident response, including cloud log forensics, IAM chain reconstruction, and service-specific investigations.
  • Investigate identity provider and CIAM incidents involving audit logs, session anomalies, token misuse, and federated identity attacks.
  • Conduct threat hunts in the SIEM and translate findings into detection recommendations or rule drafts.
  • Support L2 analysts and the MDR partner by providing technical direction, reviewing escalation quality, and coaching on missing context.
  • Document investigation methodology clearly so closed cases can serve as learning material for L2 analysts.

Requirements

  • 6+ years of hands-on incident response experience, including at least 3 years at a senior or staff technical level.
  • Expert-level EDR proficiency with tools such as CrowdStrike Falcon or SentinelOne, including remote triage and custom detection rule authorship.
  • Deep AWS incident response capability, including CloudTrail forensics, IAM chain analysis, EC2 and Lambda investigation, and IMDS/assumed-role abuse patterns.
  • Strong Windows forensics skills with the ability to reconstruct attacker activity from artifacts such as Prefetch, MFT, Shimcache, event logs, and registry data.
  • Solid Linux forensics experience covering persistence mechanisms, cron, SUID analysis, process anomalies, and log artifact interpretation.
  • Hands-on SIEM investigation and detection experience with tools such as Google SecOps/Chronicle, Splunk, or Microsoft Sentinel.
  • Identity incident response experience in an enterprise IdP such as Okta or Entra ID, including audit log forensics and admin abuse pattern analysis.
  • Demonstrated ability to scope and lead Sev1 incidents autonomously, including containment decisions and cross-functional coordination.
  • Strong technical writing skills for timelines, evidence summaries, and escalation handoffs.
  • MITRE ATT&CK fluency for describing attacker behavior.
  • Memory forensics experience using Volatility or equivalent is preferred.
  • Malware analysis skills, including static analysis, dynamic sandbox review, and YARA rule authorship, are preferred.
  • GCP incident response experience using Cloud Audit Logs, VPC Flow Logs, and IAM policy analysis is preferred.
  • CIAM forensics experience with platforms such as Auth0 or Cognito is preferred.
  • Experience receiving and evaluating escalations from an MSSP or MDR partner is preferred.
  • Familiarity with CSPM tools such as Wiz, Prisma Cloud, or Orca is preferred.
  • DFIR certifications such as GCFE, GCFA, GCFR, GREM, or GCIH are preferred.
  • Prior experience in a SaaS company, financial services, or another regulated environment is preferred.
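The AWS items above (CloudTrail forensics, IAM chain analysis, IMDS/assumed-role abuse) are the kind of work this role is asked to do on telemetry rather than on dashboards. The following is an added worked example, not material from the posting or from Alphasense: it reconstructs an STS AssumeRole chain from CloudTrail records and flags an EC2 instance-profile credential (session name equal to the instance id, i.e. minted via IMDS) that is used from an address the instance is not known to egress from. The records, account id, ARNs, access key ids and IP addresses are constructed sample data, and the instance-to-IP mapping is an assumed inventory input.

```python
"""Reconstruct an STS AssumeRole chain and spot instance-credential misuse in CloudTrail.

Added example; not from the job posting. All records below are constructed,
with only the CloudTrail fields the analysis needs populated. Account id,
ARNs, key ids and IP addresses are made up.
"""
import json

ACCOUNT = "123456789012"  # constructed account id

SAMPLE_CLOUDTRAIL = [
    {   # 1. alice's long-lived user key assumes the DevOps role
        "eventTime": "2024-05-01T09:00:00Z", "eventName": "AssumeRole",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEALICE0001",
                         "arn": f"arn:aws:iam::{ACCOUNT}:user/alice"},
        "requestParameters": {"roleArn": f"arn:aws:iam::{ACCOUNT}:role/DevOps",
                              "roleSessionName": "alice"},
        "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLEDEVOPS001"}},
    },
    {   # 2. the DevOps session chains into a break-glass admin role
        "eventTime": "2024-05-01T09:01:00Z", "eventName": "AssumeRole",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEDEVOPS001",
                         "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/DevOps/alice"},
        "requestParameters": {"roleArn": f"arn:aws:iam::{ACCOUNT}:role/AdminBreakGlass",
                              "roleSessionName": "alice"},
        "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLEADMIN0001"}},
    },
    {   # 3. the admin session mints a new long-lived key (persistence)
        "eventTime": "2024-05-01T09:02:00Z", "eventName": "CreateAccessKey",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEADMIN0001",
                         "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/AdminBreakGlass/alice"},
        "requestParameters": {"userName": "backup-svc"},
        "responseElements": {"accessKey": {"accessKeyId": "AKIAEXAMPLEBACKUP001"}},
    },
    {   # 4. an EC2 instance-profile credential used from the instance itself
        "eventTime": "2024-05-01T10:00:00Z", "eventName": "GetObject",
        "sourceIPAddress": "10.0.1.5",
        "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEINST00001",
                         "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/WebServerRole/i-0abc123def4567890"},
    },
    {   # 5. the same instance credential used from an address that is not the instance
        "eventTime": "2024-05-01T10:05:00Z", "eventName": "ListBuckets",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEINST00001",
                         "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/WebServerRole/i-0abc123def4567890"},
    },
]

# Assumed inventory input: which addresses each instance legitimately calls AWS from.
KNOWN_INSTANCE_IPS = {"i-0abc123def4567890": {"10.0.1.5"}}


def build_credential_graph(records):
    """Map each temporary credential to the credential and principal that minted it.

    Keyed by the child accessKeyId from the AssumeRole response; the value holds
    the caller's accessKeyId and ARN taken from userIdentity of that same event.
    """
    graph = {}
    for r in records:
        if r.get("eventName") != "AssumeRole":
            continue
        child = r["responseElements"]["credentials"]["accessKeyId"]
        graph[child] = {"parent_key": r["userIdentity"]["accessKeyId"],
                        "parent_arn": r["userIdentity"]["arn"],
                        "role_arn": r["requestParameters"]["roleArn"],
                        "event_time": r["eventTime"]}
    return graph


def arn_for_key(records, access_key):
    """Return the identity ARN observed using access_key, or None if never seen."""
    for r in records:
        if r["userIdentity"].get("accessKeyId") == access_key:
            return r["userIdentity"]["arn"]
    return None


def reconstruct_chain(records, access_key):
    """Walk AssumeRole edges backwards from access_key to the originating principal.

    Returns [(accessKeyId, arn), ...] ordered from the root principal to access_key.
    """
    graph = build_credential_graph(records)
    chain = [(access_key, arn_for_key(records, access_key))]
    seen = {access_key}
    while chain[-1][0] in graph:
        edge = graph[chain[-1][0]]
        if edge["parent_key"] in seen:  # defensive: malformed or looping data
            break
        seen.add(edge["parent_key"])
        chain.append((edge["parent_key"], edge["parent_arn"]))
    chain.reverse()
    return chain


def session_name(arn):
    """The role session name is the last path element of an assumed-role ARN."""
    return arn.rsplit("/", 1)[-1]


def find_instance_credential_misuse(records, instance_ips):
    """Flag instance-profile credentials used from an address the instance is not known for.

    A session name of the form i-... means the credential came from that instance's
    IMDS; use from elsewhere is the classic credential-exfiltration pattern.
    """
    findings = []
    for r in records:
        ident = r["userIdentity"]
        if ident.get("type") != "AssumedRole":
            continue
        sess = session_name(ident["arn"])
        if sess.startswith("i-") and r["sourceIPAddress"] not in instance_ips.get(sess, set()):
            findings.append({"eventTime": r["eventTime"], "eventName": r["eventName"],
                             "accessKeyId": ident["accessKeyId"], "instanceId": sess,
                             "sourceIPAddress": r["sourceIPAddress"]})
    return findings


if __name__ == "__main__":
    for key, arn in reconstruct_chain(SAMPLE_CLOUDTRAIL, "ASIAEXAMPLEADMIN0001"):
        print(f"{key}  {arn}")
    print(json.dumps(find_instance_credential_misuse(SAMPLE_CLOUDTRAIL, KNOWN_INSTANCE_IPS), indent=2))
```

The chain for the admin key resolves to alice's IAM user through the DevOps session, which is what the timeline and the "attacker path" in a closure report need; the CreateAccessKey event at the end of that chain is the persistence artifact to revoke. The instance-credential check is deliberately inventory-driven: without a trustworthy list of the instance's egress addresses it will either miss exfiltration or flag every NAT gateway, so treat the mapping as a source to be validated, not a constant.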

