Hiring: Cybersecurity Specialist – Incident Response & Threat Hunting
This role is ideal for someone who enjoys diving deep into alerts, uncovering hidden threats, strengthening security posture, and working hands‑on with modern detection & response technologies.
About the Role
The Specialist will play a key role in monitoring security events, investigating incidents, and improving cyber‑defense capabilities across complex IT and OT environments. This includes triage, threat analysis, response execution, and the creation of clear, actionable technical documentation.
You will also contribute to proactive threat‑hunting efforts, leverage industry frameworks, and help strengthen detection rules and incident response processes.
Key Responsibilities
Incident Response & SOC Operations
- Monitor and analyze alerts from SIEM, EDR, IDS/IPS, and other security tools.
- Perform triage, investigate potential threats, and assess impact.
- Develop and refine incident response playbooks for common attack vectors (phishing, ransomware, brute-force, etc.).
- Work with Infrastructure, DevOps, and other technical teams to implement containment and remediation steps.
- Prepare post‑incident reports and executive summaries.
Threat Hunting & Cyber Defense
- Conduct proactive threat hunting to identify IOCs and suspicious behavior.
- Apply frameworks such as MITRE ATT&CK to map adversary techniques and identify detection gaps.
- Research vulnerabilities and emerging threats; create custom detection rules (YARA, Sigma, KQL).
- Assess IT and OT environments—including SCADA/ICS—for security gaps and alignment with industry best practices.
- Perform log analysis across firewalls, VPNs, identity systems, and more to build attack timelines and strengthen defensive measures.
Required Experience & Skills
- Bachelor’s degree in Cybersecurity, Computer Science, IT, or related field.
- 5+ years in Cybersecurity Operations, Incident Response, or Threat Hunting.
- Hands-on experience with major SIEM and EDR platforms (e.g., Splunk, Sentinel, CrowdStrike, Defender).
- Strong background in writing technical reports, PIRs, and SOPs.
- Experience in digital forensics or packet analysis (e.g., Wireshark).
- Proficiency in security automation or scripting (Python, PowerShell, Bash).
- Ability to create data-flow diagrams and attack-tree workflows.
- Strong analytical mindset and ability to think like an attacker.
- Excellent communication skills for both technical and non-technical audiences.
- Calm under pressure with proven incident management capabilities.
Preferred Certifications
(Not required but nice to have)
- GIAC (GCIH, GCDA)
- CISSP
- CompTIA CySA+
- CTIA