
Senior Cyber Security Analyst

ArcelorMittal Global Business & Technologies

Hyderabad | Full-time | Mid Level | On-site

Job Description

The Cyber Incident Response Senior Specialist is a key member of the Cyber Defense team, responsible for investigating and responding to complex cybersecurity incidents across the organization. In addition to monitoring and managing security tools, this role drives advanced incident investigations, proposes effective containment and eradication strategies, and coordinates with stakeholders across multiple local units. The Senior Specialist ensures incidents are handled efficiently, lessons are learned, and the organization’s resilience is continuously improved.

Experience: 8 to 12 years

Main responsibilities

Security Monitoring & Incident Response:
- Perform investigations of cybersecurity incidents (advanced malware, persistent threats, targeted attacks, insider misuse, etc.).
- Lead investigations of complex cyber security incidents in close collaboration with various stakeholders in transversal and local units (system and network engineers, ...).
- Propose containment and eradication strategies tailored to technical contexts and to threat actors' tactics and techniques.
- Act as a point of contact for local units, ensuring alignment, guidance, and timely information exchange during incident handling.
- Report incident progress and status updates to the Incident Response Manager and other stakeholders.

Security Tools Management:
- Maintain and operate core detection and response tools (EDR, NDR, SIEM, SOAR).
- Apply and review exceptions for IT applications while ensuring security standards are met.
- Support the team and local units with configuration, fine-tuning, and troubleshooting of security tools.
- Ensure availability, accuracy, and effectiveness of security monitoring tools.
- Support tool deployment and onboarding of new systems into monitoring scope.
- Contribute to the development of detection rules, playbooks, and automation for incident handling.

Leadership and Knowledge Sharing:
- Act as a senior subject matter expert for incident response activities and for one or several of the security tools.
- Mentor and support junior analysts in developing advanced investigative and response skills.
- Drive continuous improvement by identifying gaps in monitoring, detection, and response processes.
- Contribute to building a knowledge base of incident response procedures and case studies.

Work Relationships

- With Cyber Defence Teams (Europe, Americas) to manage daily operations, share expertise and contribute to technical evaluations of security solutions.
- With Cyber Security Officers at various levels of the organization to ensure proper service delivery, escalate issues and incidents when required and provide recommendations to improve security flaws discovered in their business area.
- With IT/OT Infrastructure teams to provide technical support for cyber security solutions, and to explain and help execute remediation steps for vulnerabilities and encountered threats.

Qualification

Master's/Bachelor's degree in Cybersecurity, Computer Science, Information Security, or equivalent experience.

Minimum requirements

Experience:
- Proven track record (5–8 years) in incident response, threat hunting, SOC, or equivalent roles.
- Experience leading complex investigations and coordinating with multiple stakeholders.

Technical skills:
- Strong knowledge of EDR (SentinelOne preferably), NDR (Darktrace preferably), SIEM, SOAR and forensic investigation tools.
- Comfortable with threat intelligence, malware analysis, and digital forensics.
- Strong understanding of network protocols, Windows/Linux systems, and cloud environments.
- Great understanding of Windows OS and/or Linux OS internals.
- Good understanding of a data query language (SQL, KQL, SPL, etc.).
- Experience in computer forensics or malware analysis.
- Good understanding of common security log sources and log types (MS Windows Security Events, IDS/IPS security events, etc.).
- Good understanding of MS Active Directory.
- Experience in a scripting language (Python preferable) and any database engine.
- Good understanding of common IOCs (Indicators of Compromise).
- Good understanding of attackers' tactics and techniques.
- Good understanding of the cyber kill chain.
- Good understanding of LAN, including at least routing, TLS, DNS, Proxy, SSH, HTTPS, FTP, DHCP, ARP, NetBIOS, SMB, IPv6.
- Good understanding of network security solutions like NextGen FW, IPS/IDS, NDR, Proxy, MailGateway, etc.
- Experience in penetration testing (infra, webapps).
- Good understanding of cloud security solutions and principles.

Soft skills:
- Ability to communicate effectively with both technical and non-technical stakeholders.
- Strong problem-solving, analytical thinking, and decision-making skills.
- Capacity to manage pressure during high-severity incidents.
- Self-sufficiency and ability to manage time effectively.

Certifications:
- ITIL, CISSP, GIAC CIL, CEH, OSCP preferred.

Posted 3 days ago
