
Incident Response Analyst II

Job in San Jose, Santa Clara County, California, 95199, USA
Listing for: Astreya
Full Time position
Listed on 2026-03-01
Job specializations:
  • IT/Tech
    Cybersecurity, IT Support, Security Manager
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly

Overview

Job Title – IRC Analyst. The Incident Response Center (IRC) is the first layer of defense responsible for quick detection and incident response using monitoring and automation tools, conducting thorough investigation of alerts, classification, and triage. The IRC Analyst delivers operations within the IRC across all client data center sites globally and responds to alarms/alerts across DCIM, SAOS, CCTV, Access Control Systems (ACS), and Building Management Systems (BMS).

The role provides deep understanding and intelligence of incident criticality and impact to resolver groups.

Responsibilities

Incident & Problem Management

  • Investigate, report, and respond to alerts; take part in incident response (war room, remote bridges).
  • Respond to incidents and critical situations calmly, conducting in-depth investigation of alerts.
  • Be the first line of defense using monitoring and automation tools to conduct investigation, classification, and triage, within prescribed SLAs.
  • Provide deep understanding and intelligence of incident criticality and impact to resolver groups.
  • Ensure detailed records of alarm handling activities, including actions taken and resolutions in ticketing tools; file incident reports.
  • Act as incident commander during major incidents.
  • Understand internal/external communication methods and stakeholder responsibilities.
  • Support program managers and facilitate project deliverables, improving operational and engineering initiatives.
  • Conduct root cause analysis (RCA) to determine recurring problems.
  • Use in-depth questioning and analysis to determine the underlying cause of incidents or problems.
  • Perform duties in compliance with SOPs, MOPs, Runbooks, and Playbooks.

Server, DCIM, Network and Traffic Alarms Operations

  • Continuously monitor alarm dashboards and systems.
  • Investigate and respond to alarms related to Network, Data Center Environment, Server Health, Facility Security, and Safety.
  • Identify and acknowledge incidents associated with alarms.
  • Assess incidents to determine their criticality and operational impact.
  • Engage resolver groups and escalate to higher tiers or management following established paths.
  • Maintain communication with teams, stakeholders, and incident responders.
  • Follow documented procedures to resolve incidents promptly and effectively.
  • Ensure accurate records of alarm handling and resolution activities in ticketing tools.
  • Comply with SOPs, MOPs, Runbooks, and Playbooks.

Threat Intelligence, Critical Event Management

  • Monitor threat feeds and operational alerts to protect ByteDance personnel and assets; triage alerts related to weather, security, travel, and regional instability; coordinate response actions and escalate to law enforcement if necessary.
  • Coordinate emergency responses, including with law enforcement if required.
  • Verify incident information accuracy through secondary sources.
  • Generate heatmaps to highlight affected areas during significant events.
  • Collaborate with security and operational teams for a coordinated response.
  • Implement incident containment and mitigation strategies.
  • Document incident details, response actions, and lessons learned.
  • Follow SOPs, MOPs, Runbooks, and Playbooks.

Physical Security and Safety

  • Monitor CCTV and ACS.
  • Track alarms for safety events including electrical issues, fire hazards, equipment failures, and water leaks.
  • Review camera footage for quality and area coverage.
  • Investigate and report access control incidents.
  • Report findings to Security and Safety Engineering teams.
  • Follow SOPs, MOPs, Runbooks, and Playbooks.
  • Familiarity with Lenel and Genetec systems.

Cloud Incident Response and Monitoring

  • Real-time monitoring of cloud infrastructure using AWS CloudWatch, Azure Monitor, and GCP Stackdriver.
  • Incident triage and escalation of alerts related to cloud-based services and resources.
  • Coordination with Cloud Engineers and DevOps teams during cross-environment incidents.
  • Identification and classification of cloud service anomalies, including misconfigurations, degraded services, and unauthorized access attempts.
  • Understanding of cloud architectures such as VPCs, IAM, Kubernetes, and serverless.
  • Documentation of RCA and corrective actions for cloud incidents.
  • Basic scripting and automation skills (Python, Bash, or PowerShell).
  • Awareness of cloud security protocols, including encryption, IAM policies, and standards like ISO 27001 and SOC 2.

Qualifications

Required Qualifications / Soft Skills

  • 2+ years of experience in a NOC, command center, or similar 24/7 operations environment
  • Ability to quickly triage and prioritize multiple incidents based on risk
  • Knowledge of systems including IP networks, DC environment, and server health
  • Strong written and verbal communication skills
  • Works well under pressure and within deadlines
  • Excellent communication and collaboration abilities
  • Strong analytical and problem-solving skills
  • Ability to work independently and as part of a team
  • Familiarity with data protection laws such as GDPR
  • This is an on-site role at client facilities
  • Must be willing to work variable shifts,…