Emergency Incident Responder
Reporting to the Incident Manager, the Emergency Incident Responder is responsible for conducting real-time analysis of escalated cyber security incidents impacting the MDR Centre constituency. The responder will analyze, triage and remediate security incidents, escalate them for further treatment where required, and manage, mitigate and coordinate remediation activities.
• Working with the Incident Manager, to perform the triage and validation of alerts from the various toolsets in the MDR Centre.
• Completing in-depth analysis of alerts that are generated by the various toolsets in use by the MDR Centre.
• Investigating alerts and escalating to the appropriate team for further action.
• Executing approved manual, scripted or automated mitigation actions.
• Coordinating and/or assisting remediation activities as directed.
• Working with the MDR Centre Platform Management team to provide feedback on alerts that are deemed to be false positives or not performing properly.
• Working with the Incident Manager to provide feedback on improving and fine-tuning the playbooks as and when appropriate.
• Working cases through to closure in a case management tool.
• Interacting with peer organizations within True Digital to identify root causes of incidents and assisting in closing/preventing these incidents in the future.
• Participating in Post-Incident Analysis for key cases closed by the Cyber Security Investigations and Response team.
• Working with the Threat Intelligence team and Threat Hunter to assist in refining “hunting grounds” to limit the amount of in-scope data for hunts and provide additional context to
• Hunting through existing sets of data to understand what is normal and what is abnormal.
• Working with the respective system and application teams to hunt for malicious activity that may or may not be present in unmonitored applications when an incident is detected.
• Investigating abnormal or anomalous behavior identified in hunts.
• Bachelor's degree in a related field such as information security, management or computer engineering.
• Experience in the detection, response, mitigation and/or reporting of cyber threats affecting mid-to-large organization environments.
• Experience in computer intrusion analysis and incident response.
• Experience in network and system surveillance and monitoring, and intrusion detection.
• Good working knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architecture.
• Experience in system log analysis.
• Experience with current cyber threats and the associated tactics, techniques and procedures used to infiltrate computer networks, including the use of threat intelligence during the course
• Working experience in an MDR Centre, Security Operations Centre (SOC), Managed Security Service (MSS), or enterprise network environment is desirable.
• Active CISSP, CISM and CCE or similar certifications are required.
• Other relevant certifications (such as GCIH, GCIA) are desirable.
• Strong attention to detail, concern for data accuracy and high personal integrity.
• In-depth experience with industry-standard incident handling methodologies.
• Ability to clearly document and communicate findings, opinions, and recommendations to both technical and non-technical audiences.