Security Incident responder

About the Role 

We are seeking a highly skilled Security Incident Responder with strong Purple Team capabilities, who can operate at the intersection of detection engineering, incident response, threat hunting, and adversary simulation.  The ideal candidate brings deep knowledge of security operations (Blue Team), offensive tactics (Red Team), and can act as a technical bridge to strengthen cyber resilience across detection, response, and continuous improvement processes.  

Experience within Fintech, regulated industries is a bonus. 

What you'll do

• Incident Response & Threat Handling 

• • Lead and participate in all phases of the incident response lifecycle: preparation, detection, containment, eradication, recovery, and post-mortem.
  • Investigate security alerts and validate, escalate, or dismiss based on risk impact.
  • Coordinate containment and eradication efforts across endpoints, networks, cloud environments, and identity systems.
  • Conduct root cause analysis and develop lessons learned reports. 

• Threat Hunting & Detection Engineering 
  • Proactively hunt for threats using behavioural, anomaly-based, and signature-based techniques. 
  • Create, tune, and validate SIEM/SOAR detection rules (e.g., MITRE ATT&CK-aligned). 
  • Develop adversary detection logic for endpoint (EDR), network, identity, and cloud telemetry. 
  • Collaborate with threat intel teams to operationalize indicators of compromise (IOCs) and TTPs. 
• Purple Team Collaboration 
  •  
  • Support and lead Purple Team exercises to simulate attack scenarios and validate detection and response capabilities. 
  • Work with Red Team to understand attack vectors and develop appropriate countermeasures. 
  • Provide feedback on gaps in detections and response playbooks.

• Automation & Playbooks   
  • Design and improve SOAR playbooks to accelerate triage and response processes. 
  • Develop automated alert enrichment and incident classification pipelines. 

• Forensics & Malware Analysis 
  • Perform endpoint/network forensics using tools or custom scripts. 
  • Reverse engineer malware samples (optional but a strong plus)

• Reporting & Metrics 
  • Document incident timelines and artifacts with precision for legal, compliance, and audit use. 
  • Provide executive and technical reports including severity assessments and remediation guidance. 

What you'll need

• 4+ years of experience in incident response, SOC Tier 3, threat hunting, or equivalent. 
• Strong understanding of adversary tradecraft (MITRE ATT&CK, Cyber Kill Chain, etc.). 
• Experience with EDRs, SIEMs, SOARs and log pipelines. 
• Solid grasp of Windows, Linux, and cloud security. 
• Familiarity with scripting for automation and analysis. 
• In-depth understanding of network protocols, endpoint artifacts, memory, and log analysis. 
• Comfortable with offensive tools and techniques 
• Experience in vulnerability exploitation, privilege escalation, and lateral movement is a plus. 
• Familiar with forensic acquisition techniques and tools 
• Preferred Certifications: GIAC: GCIH, GCFA, GNFA, GCIA, GDAT or similar 
• Excellent problem-solving and analytical thinking. 
• Ability to work under pressure during incidents and with minimal supervision. 

• Strong documentation and communication skills, especially when dealing with stakeholders. 

• Collaborative, yet capable of deep focus and individual contribution. 

Bonus points  

• Reverse engineer malware samples (optional but a strong plus)