Investigate and manage security threats across endpoint, network, identity, and cloud environments from detection through containment. Contribute to detection rule tuning and maintain incident response runbooks to improve team efficiency.
About the Role
You will be at the center of our detection and response operations - investigating real threats across endpoint, network, identity, and cloud environments.
This is a tierless role - you own your cases end-to-end, from first alert through containment and documentation, across multiple client environments simultaneously.
What You'll Do
- Investigate alerts across multiple EDR platforms (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint).
- Conduct end-to-end investigations correlating data across firewall, domain controller (DC), email security, EDR, and cloud audit logs.
- Investigate threats across cloud environments (AWS, Azure, GCP) - including identity abuse, misconfigurations, and cloud-native attack techniques.
- Monitor and triage alerts; determine scope, severity, and escalation path.
- Classify, document, and track cases through their full lifecycle using ticketing and case management systems.
- Contribute to detection rule tuning across SIEM and EDR platforms to reduce false positives and close coverage gaps.
- Maintain shift handover documentation and contribute to IR runbooks and playbooks.
- Share knowledge through peer walkthroughs, ticket reviews, and internal sessions that raise the team's level.
What You'll Bring
- Solid grasp of network protocols, attack patterns, and core security controls (firewall, IDS/IPS, proxy, WAF).
- Hands-on familiarity with at least one EDR platform and SIEM environment.
- Understanding of Windows/Linux internals relevant to attacker techniques (persistence, lateral movement, credential access).
- Foundational knowledge of cloud environments - IAM, logging, and common attack surfaces.
- Fluent written and spoken English.
- Availability for 9-hour rotating shifts, including nights and weekends (Sun–Sat).
- A drive to keep learning - you are always in a cycle of improving your skills, deepening your knowledge, and raising your own bar.
- Self-motivated and independent - you take ownership, dig deep into every investigation, and push yourself to find the full answer.