C

Incident Response Specialist

cyberone • Philippines
Remote
Apply
AI Summary

The Incident Response Specialist will investigate cyber security incidents across customer environments, from initial investigation through containment, eradication, recovery, and post-incident reporting. Responsibilities include technical analysis of endpoint, network, cloud, and identity evidence, threat hunting, and proactive security services. Candidates must have relevant cyber security experience and strong English communication skills.

Key Highlights
Investigate cyber security incidents across Windows, Microsoft 365, and cloud environments
Analyze evidence using MITRE ATT&CK framework and produce IOCs and detection recommendations
Support containment, eradication, recovery, and post-incident reporting for customers
Conduct proactive services including Incident Response Readiness Assessments and Tabletop Exercises
Key Responsibilities
Investigate cyber security incidents affecting customer environments
Analyse endpoint, network, cloud and identity-based evidence
Perform host-based investigations across Windows and Microsoft 365 environments
Support containment, eradication and recovery activities
Identify attacker tactics, techniques and procedures (TTPs) using the MITRE ATT&CK framework
Collect, preserve and analyse forensic artefacts where appropriate
Produce Indicators of Compromise (IOCs) and detection recommendations
Support evidence collection for regulatory or legal requirements
Analyse Microsoft Defender XDR telemetry
Investigate Microsoft Sentinel incidents
Review Windows Event Logs and Sysmon data
Analyse Entra ID sign-in and audit logs
Investigate Exchange Online activity
Perform malware triage and basic static analysis
Review firewall, proxy, VPN and authentication logs
Conduct threat hunting activities across customer environments
Participate in customer investigation calls
Explain technical findings to both technical and non-technical audiences
Produce high-quality investigation reports
Provide remediation recommendations
Support post-incident lessons learned workshops
Support delivery of Incident Response Readiness Assessments
Support delivery of Tabletop Exercises
Support delivery of Threat Hunting engagements
Support delivery of Threat Intelligence services
Support delivery of Security posture reviews
Support delivery of AI security investigations where required
Develop new investigation playbooks
Improve Incident Response procedures
Contribute to internal knowledge sharing
Support development of detection content
Assist with automation opportunities using Microsoft and AI technologies
Technical Skills Required
Microsoft Defender XDR Microsoft Sentinel Windows Event Logs Sysmon Entra ID sign-in and audit logs Exchange Online Malware triage Static analysis Firewall, proxy, VPN, and authentication logs Threat hunting
Benefits & Perks
Fully Remote
Nice to Have
SC-200 Microsoft Security Operations Analyst
SC-100 Cybersecurity Architect
AZ-500 Microsoft Azure Security Technologies
GCIH
GCFA
GNFA
CompTIA Security+
CREST Practitioner

Job Description


Job Title: Incident Response Specialist

Location: PH - Fully Remote

Employment Type: Full-time

About The Role

The Incident Response Specialist will play a key role in supporting customers through all stages of a cyber incident, from initial investigation through to containment, eradication, recovery and post-incident reporting.

Working alongside senior Incident Responders and Incident Managers, you will conduct technical investigations, analyse evidence, identify attacker activity and support customers during some of their most critical cyber security events.

The role also supports proactive security services including Incident Response Readiness Assessments, Tabletop Exercises, Threat Hunting and Threat Intelligence activities.

This is an excellent opportunity for an experienced SOC Analyst or early-career Incident Responder looking to develop into a senior DFIR consultant.

What You’ll Do

Incident Response

  • Investigate cyber security incidents affecting customer environments.
  • Analyse endpoint, network, cloud and identity-based evidence.
  • Perform host-based investigations across Windows and Microsoft 365 environments.
  • Support containment, eradication and recovery activities.
  • Identify attacker tactics, techniques and procedures (TTPs) using the MITRE ATT&CK framework.
  • Collect, preserve and analyse forensic artefacts where appropriate.
  • Produce Indicators of Compromise (IOCs) and detection recommendations.
  • Support evidence collection for regulatory or legal requirements.

Technical Investigation

  • Analyse Microsoft Defender XDR telemetry.
  • Investigate Microsoft Sentinel incidents.
  • Review Windows Event Logs and Sysmon data.
  • Analyse Entra ID sign-in and audit logs.
  • Investigate Exchange Online activity.
  • Perform malware triage and basic static analysis.
  • Review firewall, proxy, VPN and authentication logs.
  • Conduct threat hunting activities across customer environments.

Customer Engagement

  • Participate in customer investigation calls.
  • Explain technical findings to both technical and non-technical audiences.
  • Produce high-quality investigation reports.
  • Provide remediation recommendations.
  • Support post-incident lessons learned workshops.

Proactive Services

Support delivery of:

  • Incident Response Readiness Assessments
  • Tabletop Exercises
  • Threat Hunting engagements
  • Threat Intelligence services
  • Security posture reviews
  • AI security investigations where required

Continuous Improvement

  • Develop new investigation playbooks.
  • Improve Incident Response procedures.
  • Contribute to internal knowledge sharing.
  • Support development of detection content.
  • Assist with automation opportunities using Microsoft and AI technologies.

Employees are expected to demonstrate a security-first mindset and ensure that information security considerations are incorporated into their day-to-day activities, decision-making, and interactions with customers, suppliers, and colleagues.

Essential

What We’re Looking For

  • Relevant experience in Cyber Security or Incident Response.
  • Strong English communication skills.

Advantageous

  • SC-200 Microsoft Security Operations Analyst
  • SC-100 Cybersecurity Architect
  • AZ-500 Microsoft Azure Security Technologies
  • GCIH
  • GCFA
  • GNFA
  • CompTIA Security+
  • CREST Practitioner or equivalent

Similar Jobs

Explore other opportunities that match your interests

IT Specialist

Networking
•
1d ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Mid-Senior level

hire overseas

Philippines

Remote IT Administrator

Networking
•
1w ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Entry level

sd industries, llc

Philippines
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Entry level

Harris Computer

Philippines

Subscribe our newsletter

New Things Will Always Update Regularly