CSIRT Analyst

Jobgether
Remote

About The Position

This role is ideal for a cybersecurity professional who thrives in a fast-paced, fully remote environment and is passionate about defending digital assets from advanced threats. You will serve as a key escalation point for internal security incidents, leading end-to-end incident response and collaborating across multiple functions to strengthen organizational resilience. The position involves analyzing complex security events, improving telemetry and detection capabilities, and implementing best practices for proactive threat mitigation. You will drive continuous improvement through lessons learned, playbook development, and cross-functional coordination. The role emphasizes both technical expertise and strategic thinking, with opportunities to influence security operations at a global scale. Your work will ensure that internal systems and processes are as secure as the products delivered to customers, directly impacting overall organizational cybersecurity posture.

Requirements

  • 8+ years of experience in Incident Response, SOC Operations, or Digital Forensics (DFIR).
  • Advanced knowledge of EDR/MDR platforms, SIEM/ELK log aggregation, and cloud security environments (AWS, Azure, M365).
  • Proven problem-solving skills with the ability to analyze root causes and implement technical solutions.
  • Experience leading small project teams and aligning technology stacks across functions.
  • Strong communication skills, able to convey complex technical information to technical teams and executives.
  • Familiarity with automation/SOAR platforms and documentation tools (e.g., Confluence, Jira, Lucidchart).
  • Proactive and forward-thinking mindset, with a focus on building a culture of inclusive security awareness.

Responsibilities

  • Lead identification, triage, and validation of security incidents, acting as the primary internal escalation point from the SOC.
  • Design, plan, and execute incident response exercises (tabletops, purple teaming) to ensure organizational readiness.
  • Partner with engineering, detection, and product security teams to optimize telemetry and detection capabilities.
  • Collaborate with offensive security teams to close visibility gaps and enhance defense against modern threat actor techniques.
  • Conduct cross-functional Post-Incident Reviews (PIRs), translating lessons learned into actionable remediation tasks and tooling/process improvements.
  • Develop and maintain comprehensive playbooks, system configurations, and incident response standards.
  • Communicate incident findings and lessons learned to stakeholders at all levels.

Benefits

  • 100% remote work with flexible work arrangements.
  • Competitive salary with bonus and equity opportunities.
  • Generous paid time off, including vacation, sick leave, and holidays.
  • 12 weeks of paid parental leave.
  • Comprehensive medical, dental, and vision coverage.
  • 401(k) plan with company contributions.
  • Life and disability insurance plans.
  • Stock options for all full-time employees.
  • Home office reimbursement and annual allowance for professional development.
  • Access to personal and professional coaching platforms.