Incident Response Specialist

CyberOne
Remote

About The Position

The Incident Response Specialist will play a key role in supporting customers through all stages of a cyber incident, from initial investigation through to containment, eradication, recovery and post-incident reporting. Working alongside senior Incident Responders and Incident Managers, you will conduct technical investigations, analyse evidence, identify attacker activity and support customers during some of their most critical cyber security events. The role also supports proactive security services including Incident Response Readiness Assessments, Tabletop Exercises, Threat Hunting and Threat Intelligence activities. This is an excellent opportunity for an experienced SOC Analyst or early-career Incident Responder looking to develop into a senior DFIR consultant.

Requirements

  • Relevant experience in Cyber Security or Incident Response.
  • Strong English communication skills.

Nice To Haves

  • SC-200 Microsoft Security Operations Analyst
  • SC-100 Cybersecurity Architect
  • AZ-500 Microsoft Azure Security Technologies
  • GCIH
  • GCFA
  • GNFA
  • CompTIA Security+
  • CREST Practitioner or equivalent

Responsibilities

  • Investigate cyber security incidents affecting customer environments.
  • Analyse endpoint, network, cloud and identity-based evidence.
  • Perform host-based investigations across Windows and Microsoft 365 environments.
  • Support containment, eradication and recovery activities.
  • Identify attacker tactics, techniques and procedures (TTPs) using the MITRE ATT&CK framework.
  • Collect, preserve and analyse forensic artefacts where appropriate.
  • Produce Indicators of Compromise (IOCs) and detection recommendations.
  • Support evidence collection for regulatory or legal requirements.
  • Analyse Microsoft Defender XDR telemetry.
  • Investigate Microsoft Sentinel incidents.
  • Review Windows Event Logs and Sysmon data.
  • Analyse Entra ID sign-in and audit logs.
  • Investigate Exchange Online activity.
  • Perform malware triage and basic static analysis.
  • Review firewall, proxy, VPN and authentication logs.
  • Conduct threat hunting activities across customer environments.
  • Participate in customer investigation calls.
  • Explain technical findings to both technical and non-technical audiences.
  • Produce high-quality investigation reports.
  • Provide remediation recommendations.
  • Support post-incident lessons learned workshops.
  • Support delivery of Incident Response Readiness Assessments
  • Support delivery of Tabletop Exercises
  • Support delivery of Threat Hunting engagements
  • Support delivery of Threat Intelligence services
  • Support delivery of Security posture reviews
  • Support delivery of AI security investigations where required
  • Develop new investigation playbooks.
  • Improve Incident Response procedures.
  • Contribute to internal knowledge sharing.
  • Support development of detection content.
  • Assist with automation opportunities using Microsoft and AI technologies.
  • Demonstrate a security-first mindset and ensure that information security considerations are incorporated into their day-to-day activities, decision-making, and interactions with customers, suppliers, and colleagues.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service