Staff Incident Responder

Warner Bros. Discovery, Atlanta, GA

About The Position

The Staff Incident Responder (Cyber Security Operations Center Analyst) will be responsible for guiding a hybrid team of security analysts tasked with detecting, triaging, analyzing, responding to, and reporting on cybersecurity incidents. The successful candidate will also focus on developing new detection rules and use cases within our SIEM and security tool stack. This individual must be highly organized and able to manage multiple projects and deliverables at once. This is an opportunity to contribute to a high-impact security team in a fast-paced environment, driving continuous improvement and innovation in cyber defense.

Requirements

  • 5+ years of relevant experience or equivalent combination of education and work experience
  • Ability to think critically to solve problems.
  • Ability to perform root cause analysis of problems or security events.
  • Familiarity with Linux, macOS and Windows operating systems.
  • Experience performing log analysis from a variety of host-based and network-based sources.
  • Familiarity with EDR solutions
  • Familiarity with SIEM platforms
  • Familiarity with forensic evidence concepts
  • Knowledge of exploits, vulnerabilities, malware families and common attack vectors
  • Scripting (Python, PowerShell, bash) and regular expression experience is preferred.
  • Experience with firewalls, intrusion detection/prevention systems
  • Effective in collaborating with teams in remote offices.
  • Exceptional verbal and written communication skills, specifically the ability to communicate within the context of the intended audience, whether that be senior executives or highly technical engineering resources.

Nice To Haves

  • Intermediate or higher security certifications are a plus: CySA+, CISSP, CFR, CHFI, GCIH, GCFA, GNFA, PenTest+, OSCP, etc.

Responsibilities

  • Advise, implement, and continuously improve security detections and alerting mechanisms to enhance threat visibility and reduce risk.
  • Collaborate on, maintain, and enforce technical and administrative security processes and procedures to support consistent and effective security operations.
  • Document, publish, and communicate investigative findings across the organization to drive continuous improvement and institutional awareness.
  • Support the refinement, development, and optimization of SOAR automations to improve response efficiency and reduce manual intervention.
  • Advise on ongoing alert logic refinement through systematic tuning, validation, and allowlisting to improve alert fidelity and reduce false positives.
  • Support incident response investigations, including delivery of assigned work stream items and contributions to incident reports.
  • Serve as the technical escalation point for the Tier 1 and Tier 2 CSOC resources.
  • Provide ad-hoc training to team members.
  • Contribute to CSOC maturity projects under the guidance of Cyber Operations Leadership
  • Partner with Security Engineering teams to enhance features and capabilities within current security tooling.
  • Create and update written policies and procedures to align with new technologies or improved detection fidelity.