Responsibilities

The Incident Response Analyst will provide continuous coverage for SIEM/SOAR, EDR, network, cloud, and email-security consoles, rapidly validating alerts, enriching with context, suppressing false positives, and acting on confirmed threats. They will gather evidence from logs, host telemetry, and threat-intel feeds to determine scope, severity, and business impact, execute pre-approved playbook actions (host isolation, account disablement, phishing-email purge, firewall block, etc.) and confirm containment success, escalate high-severity or complex incidents to senior analysts/IR leadership, providing concise incident summaries and proposed mitigation steps while staying engaged through resolution. The analyst will consistently meet or exceed response-time targets for critical and high-urgency tickets, record investigative steps, evidence, and decisions in the ticketing system; deliver clear shift-handoff notes to support 24x7 operations, identify noisy rules, false-positive trends, blind spots, or missing log sources; collaborate on custom detections and log-source onboarding to improve alert fidelity, and participate in the refinement of existing runbooks, draft new ones, and champion automation opportunities that reduce analyst toil.