The Incident Response Specialist will investigate cyber security incidents across customer environments, from initial investigation through containment, eradication, recovery, and post-incident reporting. Responsibilities include technical analysis of endpoint, network, cloud, and identity evidence, threat hunting, and proactive security services. Candidates must have relevant cyber security experience and strong English communication skills.
Key Highlights
Key Responsibilities
Technical Skills Required
Benefits & Perks
Nice to Have
Job Description
Job Title: Incident Response Specialist
Location: PH - Fully Remote
Employment Type: Full-time
About The Role
The Incident Response Specialist will play a key role in supporting customers through all stages of a cyber incident, from initial investigation through to containment, eradication, recovery and post-incident reporting.
Working alongside senior Incident Responders and Incident Managers, you will conduct technical investigations, analyse evidence, identify attacker activity and support customers during some of their most critical cyber security events.
The role also supports proactive security services including Incident Response Readiness Assessments, Tabletop Exercises, Threat Hunting and Threat Intelligence activities.
This is an excellent opportunity for an experienced SOC Analyst or early-career Incident Responder looking to develop into a senior DFIR consultant.
What You’ll Do
Incident Response
- Investigate cyber security incidents affecting customer environments.
- Analyse endpoint, network, cloud and identity-based evidence.
- Perform host-based investigations across Windows and Microsoft 365 environments.
- Support containment, eradication and recovery activities.
- Identify attacker tactics, techniques and procedures (TTPs) using the MITRE ATT&CK framework.
- Collect, preserve and analyse forensic artefacts where appropriate.
- Produce Indicators of Compromise (IOCs) and detection recommendations.
- Support evidence collection for regulatory or legal requirements.
- Analyse Microsoft Defender XDR telemetry.
- Investigate Microsoft Sentinel incidents.
- Review Windows Event Logs and Sysmon data.
- Analyse Entra ID sign-in and audit logs.
- Investigate Exchange Online activity.
- Perform malware triage and basic static analysis.
- Review firewall, proxy, VPN and authentication logs.
- Conduct threat hunting activities across customer environments.
Interested in remote work opportunities in IT & Network Engineering? Discover IT & Network Engineering Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.
- Participate in customer investigation calls.
- Explain technical findings to both technical and non-technical audiences.
- Produce high-quality investigation reports.
- Provide remediation recommendations.
- Support post-incident lessons learned workshops.
Support delivery of:
- Incident Response Readiness Assessments
- Tabletop Exercises
- Threat Hunting engagements
- Threat Intelligence services
- Security posture reviews
- AI security investigations where required
Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.
- Develop new investigation playbooks.
- Improve Incident Response procedures.
- Contribute to internal knowledge sharing.
- Support development of detection content.
- Assist with automation opportunities using Microsoft and AI technologies.
Essential
What We’re Looking For
- Relevant experience in Cyber Security or Incident Response.
- Strong English communication skills.
- SC-200 Microsoft Security Operations Analyst
- SC-100 Cybersecurity Architect
- AZ-500 Microsoft Azure Security Technologies
- GCIH
- GCFA
- GNFA
- CompTIA Security+
- CREST Practitioner or equivalent
Similar Jobs
Explore other opportunities that match your interests