Staff Incident Response Analyst in India at Jobgether
Job Description
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Staff Incident Response Analyst in India.
This role sits at the highest level of technical escalation within a global Security Operations function, where you will lead the investigation and containment of the most complex and high-severity security incidents. You will act as the final technical authority before managerial escalation, taking ownership of advanced cyber intrusions, multi-cloud attacks, and ambiguous threat scenarios. The position is deeply hands-on, requiring constant interaction with SIEM, EDR, cloud logs, and forensic artifacts to reconstruct attacker behavior with precision. You will work across AWS, GCP, identity systems, and endpoint environments to trace full attack chains from initial compromise to containment. The environment is fast-paced, security-critical, and highly analytical, demanding both depth of expertise and speed of execution. This is a high-impact role where your decisions directly shape incident outcomes and organizational resilience.
Responsibilities
- Lead and own escalated security incidents from L2 analysts and MDR partners, including Sev2+ and critical cases.
- Scope incidents rapidly by identifying affected systems, attack surface, and potential blast radius using multi-source telemetry.
- Drive containment actions such as endpoint isolation, credential revocation, network blocking, and session termination with clear justification.
- Build and maintain detailed, forensically sound incident timelines across endpoint, cloud, and identity environments.
- Perform deep endpoint and host forensics using EDR tools and system artifacts (Windows and Linux).
- Investigate AWS and GCP environments using cloud logs, IAM analysis, and workload behavior to reconstruct attacker activity.
- Conduct identity and SaaS forensics, including IdP investigations, token abuse, OAuth attacks, and session anomalies.
- Lead malware analysis efforts (static and dynamic) and contribute to detection engineering based on findings.
- Perform threat hunting in SIEM platforms to identify undetected attacker behaviors and emerging techniques.
- Mentor and guide L2 analysts by reviewing escalation quality and improving investigative methodologies.
Requirements
- 6+ years of hands-on incident response experience, including senior-level or staff-level technical IR responsibilities.
- Expert proficiency with EDR platforms (e.g., CrowdStrike, SentinelOne) including deep triage and detection analysis.
- Strong expertise in AWS incident response, including CloudTrail, IAM analysis, EC2/Lambda investigations, and privilege escalation patterns.
- Advanced Windows and Linux forensics skills, including artifact analysis (MFT, Prefetch, registry hives, logs, cron, persistence mechanisms).
- Experience conducting SIEM-based investigations and detection engineering (Splunk, Sentinel, Chronicle, or equivalent).
- Strong identity security experience (Okta, Entra ID, or similar), including authentication and session analysis.
- Proven ability to lead and resolve Sev1 incidents independently with strong decision-making under pressure.
- Solid technical writing skills for incident documentation, timelines, and escalation reporting.
- Working knowledge of MITRE ATT&CK for mapping attacker behaviors and structuring investigations.
- Preferred experience in malware analysis, memory forensics (Volatility), and cloud security posture tools (Wiz, Prisma, Orca).
- Exposure to GCP incident response, CIAM systems, or regulated SaaS environments is a plus.
Benefits
- Competitive compensation aligned with senior-level security expertise.
- Fully remote or hybrid flexibility depending on project requirements.
- Opportunity to work on high-severity, real-world security incidents across global cloud environments.
- Exposure to advanced DFIR practices, multi-cloud security, and enterprise-scale threat landscapes.
- Strong technical autonomy with high-impact decision-making responsibilities.
- Continuous learning opportunities in cloud security, threat hunting, and incident response.
- Collaborative global security organization with strong engineering and operational maturity.