Role Summary
We are looking for an Incident Response Engineer (Telco) with strong hands-on experience in host-based investigations, compromise assessments, and forensic triage across diverse platforms. The ideal candidate will be capable of conducting investigations in Windows, Linux, and Unix environments, with additional exposure to container-based infrastructures.
Key Responsibilities
- Perform compromise assessments and large-scale artifact triage across Windows and Linux endpoints and servers.
- Lead and support host-based investigations, including log analysis, timeline reconstruction, and malware behavior identification.
- Utilize, customize, and optimize UAC scripts or related automated investigation tools.
- Conduct incident response activities in containerized environments such as Docker and Kubernetes, including analysis of container logs, images, and runtime behavior.
- Investigate security incidents and perform forensic analysis on Unix-based systems.
- Coordinate with SOC, threat intelligence, and platform teams during incident containment and remediation.
- Document investigation findings, root cause analysis, and technical recommendations.
Required Skills & Experience
- Must-Have Experience: Telecom industry Fraud & Security Analyst, Network Forensics Analyst or SOC Analyst (Telecom), Cyber Security Analyst (Telecom / SOC).
- Hands-on experience in compromise assessment and enterprise-scale artifact triage.
- Strong background in host-based investigations across Windows, Linux, and Unix platforms.
- Practical experience using or customizing UAC scripts or similar automation tooling.
- Exposure to container ecosystems (Docker/Kubernetes) and their IR workflows.
- Working knowledge of DFIR tools (KAPE, Sysinternals, Velociraptor, OSQuery, ELK/Splunk, etc.).
- Understanding of malware behavior, persistence techniques, and endpoint telemetry.
- Strong analytical, communication, and reporting skills.
- 9-12 years of experience required.
Preferred Qualifications
- Certifications such as GCIH, GCFA, GCFE, CHFI, or relevant security credentials.
- Familiarity with cloud environments (AWS, Azure, GCP) is a plus.
- Scripting knowledge (Python, PowerShell, Bash) is beneficial for automation.
- Bachelor's degree in Telecommunication Cybersecurity, Computer Science, or Information Technology.
- Experience in the Telecom industry is a must.