
Saudi Air Navigation Services

Cybersecurity Incident Response Specialist

This job is no longer accepting applications

  • Posted 3 months ago

Job Description

Incident Response and Investigation

Respond to cybersecurity incidents (IT/OT security), managing the lifecycle from CSIRT activation to containment, mitigation, restoration, and post-incident analysis.

Coordinate with internal and external teams, including asset owners, during major incidents for triage, containment, and recovery efforts.

Develop short-term containment and long-term eradication strategies to mitigate the impact of cybersecurity threats and prevent future incidents.

Analyze cybersecurity incidents, including the vulnerabilities exploited and the methods used, and develop response strategies.

Document and track the steps and procedures followed during incident response activities, ensuring accurate reporting.

Provide regular updates to leadership on incident status, impact, and recovery strategies, ensuring clear communication of technical and business impacts.

Collaborate with law enforcement and legal teams on cybercrime investigations (involving forensics investigation) and ensure compliance with legal and regulatory requirements.

Perform post-incident damage assessment to evaluate the impact on systems and data, and conduct post-incident analysis to identify root causes of attacks.

Develop post-incident lessons learned reports for continuous improvement of incident response capabilities.

Automate remediation for low-level incidents to streamline response efforts and improve efficiency.

Participate in and conduct tabletop exercises and drills to enhance incident response readiness and effectiveness.

Continuously improve incident response processes by integrating lessons learned, adopting industry best practices, and keeping up with emerging threats.

Develop cybersecurity incident reports and contribute to internal IR requirements (KPI status reporting, statistics and dashboard reporting, management and regulatory reports, etc.).

Support other cybersecurity defense functions (VM, TI, IR, TH and Assurance) in accordance with business needs.

Support cybersecurity defense audit, compliance, risk and regulatory requirements.

Digital Forensics Examination and Malware Analysis

Conduct forensic analysis of systems, networks, and digital artifacts involved in cybersecurity incidents, preserving evidence following forensically sound procedures.

Use advanced forensic tools to collect and analyze data from compromised devices and perform memory forensics to identify malware or indicators of compromise.

Perform malware reverse engineering to analyze the behavior of malicious code and identify attack vectors.

Prepare detailed forensic reports and present findings to stakeholders, including senior leadership, legal teams, and external authorities, as necessary.

Analyze logs, network traffic, and digital artifacts to reconstruct incidents and assess malicious activity.

Perform post-incident forensic analysis to identify root causes of attacks and assess damage.

Ensure that forensic activities follow legal requirements for data collection, evidence preservation (i.e. Chain of Custody), and reporting.

Collaborate with law enforcement and legal teams on cybercrime investigations, providing detailed forensic reports for legal proceedings.

Policies, Processes and Procedures

Conduct day-to-day activities while ensuring compliance with policies and procedures.

Contribute to the identification of opportunities for continuous improvement of systems and processes, considering leading practices, changes in the business environment, cost reduction, and productivity improvement.


Job ID: 135463839