Senior Security Analyst – Incident Response

Company Overview

A leading global investment firm with approximately $500 billion in assets under management is seeking a Senior Security Analyst to join their Threat Detection & Response team. This role will serve as the U.S. Regional Lead for complex cyber incidents.

• Act as escalation lead for high-priority incidents across the U.S. region, owning response strategy, containment, and communication.
• Perform advanced incident investigations using a wide range of telemetry – SIEM, EDR, NDR, and cloud logs.
• Directly coordinate with internal CIRT, business units, and MSSP for incident resolution, impact mitigation, and post-incident reviews.
• Provide situational updates and executive-ready briefings to senior leaders during and after critical events.
• Mentor Tier 1 and Tier 2 analysts, providing coaching, quality assurance, and escalation guidance.
• Participate in readiness exercises and develop incident response playbooks and tabletop simulations for Tier 3 scenarios.
• Lead and contribute to threat hunting efforts across the enterprise – focused on uncovering stealthy or novel attacker behaviors.
• Validate and tune detections based on incident findings; contribute to detection engineering initiatives.
• Perform detection validation testing and design and execute adversary emulation scenarios mapped to MITRE ATT&CK.
• Develop and implement modern SOAR workflows to automate triage and response for suitable alerting use‑cases.
• Drive cross-team initiatives that enhance detection coverage, improve operational efficiency, and embed threat‑informed defense into day‑to‑day practices.
• Contribute to the development and operationalization of detection‑as‑code methodologies and other engineering‑driven approaches to scalable detection lifecycle management.
• Help define and track operational metrics such as MTTR, MTTC, detection gaps, and hunting efficacy.

• 5+ years in Security Operations, Incident Response, or Blue Team leadership roles within modern enterprise environments.
• Proven experience leading high‑severity incident response, including business impact engagement and executive communication.
• Modern incident response experience across hybrid environments, including traditional on‑prem infrastructure and cloud‑native ecosystems.
• Strong experience with modern detection technologies (EDR, SIEM, log correlation) and a deep understanding of attack kill chains, lateral movement, and behavioral threat detection.
• Experience working within or alongside Dev Ops/Dev Sec Ops  teams to support secure CI/CD.
• Solid understanding of MITRE ATT&CK and experience aligning detection or threat hunting efforts to it.
• Experience with purple teaming, detection validation, or adversary simulation platforms.
• Experience designing or supporting automated response workflows using SOAR tools.
• Familiarity with detection‑as‑code approaches, including managing detection logic in structured formats, version control integration, and lifecycle management of detection content.

Salary: $130,000 – $150,000