
Incident Response Analyst

ST Engineering Info-Security Pte. Ltd. · Jurong East Street 21, Singapore
S$54K–S$78K/yr · Full-time · Posted 4d ago
Information Technology

Responsibilities

  • Investigate escalated cybersecurity alerts from SIEM, MDR, and other security tools, performing log, malware, and forensic analysis to determine root cause and impact
  • Triage alerts to assess severity and business impact, escalating confirmed or high-risk incidents in line with defined response procedures
  • Support the full incident response lifecycle, including detection, analysis, containment, eradication, recovery, and post-incident review
  • Coordinate with IT, infrastructure, and business stakeholders to drive containment and remediation actions, providing timely updates throughout the incident lifecycle
  • Perform basic to intermediate forensic investigations, including evidence collection, preservation, and timeline analysis
  • Analyse endpoint artefacts, logs, and EDR telemetry to identify attacker behaviour, persistence mechanisms, and scope of compromise
  • Document investigation activities, findings, and actions, contributing to incident reports, root cause analysis, and lessons learned, while maintaining proper documentation and chain-of-custody practices where required
  • Support threat hunting activities using indicators of compromise (IOCs), threat intelligence, and observed attack patterns
  • Provide feedback on detection logic, playbooks, escalation criteria, and SOC processes to enhance detection and response effectiveness
  • Contribute to continuous improvement of incident response and security operations capabilities

Required Skills & Experience

  • Background in a relevant technical field with at least 3 years of experience in SOC operations, incident response, or cyber defence
  • Strong understanding of cyber threats, attack techniques, and incident response frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain, NIST IR Lifecycle)
  • Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, Google SecOps) and EDR/XDR tools (e.g., CrowdStrike, SentinelOne)
  • Ability to analyse logs across Windows, Linux, and enterprise environments including firewalls, proxies, VPNs, email, identity, and cloud platforms
  • Good knowledge of Windows security events, endpoint artefacts, authentication logs, PowerShell activity, and persistence techniques
  • Experience in handling phishing, malware, account compromise, endpoint, and network-based investigations
  • Basic to intermediate knowledge of digital forensics, including evidence handling and artefact analysis
  • Strong analytical, problem-solving, and documentation skills
  • Ability to work under pressure and communicate effectively with both technical and non-technical stakeholders

Preferred Skills

  • Experience in cloud security monitoring (Azure, AWS, or GCP)
  • Familiarity with forensic and investigation tools (e.g., Velociraptor, FTK Imager, Autopsy, Volatility, Wireshark)
  • Scripting or query skills (e.g., KQL, SPL, SQL, PowerShell, Python, Bash)
  • Relevant certifications such as Security+, CySA+, GIAC GCIH/GCFA, Microsoft SC-200, CEH, CREST or SOC-related certifications

Find out more: https://www.stengg.com/cybersecurity

Additional Information

ST Engineering is a global technology, defence, and engineering group with offices across Asia, Europe, the Middle East, and the U.S., serving customers in more than 100 countries. The Group uses technology and innovation to solve real-world problems and improve lives through its diverse portfolio of businesses across the aerospace, smart city, defence, and public security segments.

Join our Cyber Team

We are an industry leader in cybersecurity with over two decades of experience, delivering a holistic suite of trusted cybersecurity solutions to empower cyber resilience for government and ministries, critical infrastructure, and commercial enterprises. Backed by our indigenous capabilities and deep domain expertise, we offer robust cyber-secure products and services in cryptography, cybersecurity engineering, digital authentication, SCADA protection, and audit and compliance. We specialise in the design and build of security operations centres for cybersecurity professionals and provide managed security services to strengthen the cybersecurity posture of our government and enterprise customers. Committed to building up the competencies of cybersecurity professionals to support growing demand, our Cybersecurity Academy has certified and trained more than 2000 cybersecurity professionals in more than 150 organisations. We continue to innovate through our Research Lab, Strategic Technology Centre, and Engineering Centres, developing future-ready cybersecurity solutions that position us at the forefront of the dynamic digital economy.

We are looking for a hands-on and detail-oriented analyst who thrives in a fast-paced SOC environment. The candidate should be able to quickly assess alerts, perform structured investigations, and support incident response activities from initial detection through remediation. This role is best suited for individuals with strong SOC and incident response experience, with digital forensics as a complementary skill.
