SAP NS2 Sr. Incident Response Analyst - Tier 2

SAP, Herndon, VA
$131,000 - $271,600, Hybrid

About The Position

SAP NS2 is seeking an experienced Senior Incident Response Analyst (Tier 2) to support day-to-day security operations and lead complex investigations across endpoint, network, identity, and cloud environments. This role is focused on hands-on incident investigation and response, acting as a key escalation point from Tier 1 and a bridge to Tier 3. The ideal candidate has strong experience in triaging alerts, conducting deep investigations, and driving incidents through full lifecycle response.

Requirements

  • 4–7+ years of experience in Security Operations / Incident Response
  • Strong experience with alert triage and investigation workflows
  • Strong experience with endpoint and log-based investigations
  • Strong experience with EDR, SIEM, and cloud security platforms in a SOC or incident response environment
  • Solid understanding of Windows systems and common forensic artifacts
  • Solid understanding of network traffic and common protocols
  • Solid understanding of identity and authentication mechanisms
  • Experience investigating cloud-based security events
  • Knowledge of common attacker tactics and techniques
  • Ability to analyze large datasets and identify malicious patterns
  • Basic scripting or automation skills (e.g., PowerShell, Python)
  • Strong analytical thinking and ability to work through complex investigations
  • Strong communication skills, including writing clear incident summaries
  • Must be a U.S. citizen; this position requires access to customer data.
  • SAP NS2 does not offer visa sponsorship for this role.
  • All internals must have manager’s approval to transfer.

Nice To Haves

  • Knowledge of compliance frameworks such as NIST, ISO 27001, or SOC 2
  • Security certifications such as GCIA, GCIH, GCFE, CISSP, or similar.
  • Experience working in or with highly regulated environments.
  • Ability to integrate AI into your process-driven workflow(s).
  • Background in threat hunting and developing proactive detections in a SOC or incident response environment.
  • Familiarity with SAP software and platforms.
  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related technical discipline (or equivalent practical experience).

Responsibilities

  • Lead investigations and responses for security incidents across EDR, SIEM, cloud, and identity platforms.
  • Perform advanced triage of escalated alerts to determine scope, impact, and severity.
  • Execute containment, eradication, and recovery actions for confirmed incidents.
  • Analyze endpoint, log, and cloud telemetry to identify malicious activity and attacker behavior.
  • Investigate threats such as account compromise, malware execution, and unauthorized access.
  • Support monitoring and response for cloud and identity-based threats.
  • Serve as an escalation point for Tier 1 analyst investigations and escalations, providing feedback, mentoring, and guidance to improve analysis quality, documentation, and incident handling.
  • Document findings, timelines, and outcomes within case management systems.
  • Contribute to the improvement of incident response processes and detection capabilities.

Benefits

  • Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.
  • SAP North America Benefits