Incident Response Analyst

About the role

The Staff Incident Response Analyst is a senior individual contributor within Orbia's Cyber Incident Response Team, responsible for shaping how the organization prepares for, investigates, contains, and recovers from cybersecurity incidents on a global scale.

Key responsibilities

• Lead the most complex, high‑impact security incidents, acting as a senior technical escalation point and coordinating response across internal teams, service providers, and business stakeholders.
• Design, maintain, and continuously improve incident response playbooks, runbooks, decision trees, and escalation procedures for critical incident types.
• Build and mature automation and orchestration capabilities, including evidence‑collection workflows, enrichment pipelines, and repeatable containment patterns.
• Design and lead cross‑organizational incident readiness activities such as technical tabletop exercises, pre‑staged response kits, and crisis‑response preparation.
• Drive proactive threat hunting and validate detection coverage against emerging threats using threat intelligence and behavioral analytics.
• Shape tooling strategy by evaluating integrations, identifying gaps, and partnering with engineering and vendors.
• Define, track, and report operational metrics (time to detect, contain, recover, case quality) to prioritize improvements.
• Partner with Legal, Compliance, Security Architecture, Threat Operations, and IT leaders to ensure aligned evidence handling and remediation.
• Lead post‑incident reviews and root‑cause analyses, translating findings into detection, procedural, and control enhancements.

Required profile

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering or a related field, or equivalent hands‑on experience.
• 8‑12 years of experience in incident response, digital forensics, security operations, threat hunting, threat intelligence, or cyber defense engineering.
• Fluent written and verbal English.
• Master’s degree is a plus.

Required skills

• Incident response and containment
• Digital forensics and evidence handling
• Security operations and monitoring
• Threat hunting and threat intelligence analysis
• Automation and orchestration of response workflows
• Playbook and runbook development