Staff Incident Response Analyst
About the Role
We are hiring a Staff Incident Response Analyst to serve as the technical escalation point for our L2 SOC analysts and 24/7 managed detection and response (MDR) partner. When a case exceeds what an L2 can handle — complex forensics, multi-system intrusions, ambiguous attacker behavior, or high-stakes containment decisions — it lands with you. You are the last line of technical defense before the Security Operations Manager is pulled in.
This is a deeply hands-on role. You will spend the majority of your time in tooling: hunting through the SIEM, pulling host artifacts via EDR remote access, tracing IAM chains in cloud audit logs, and reconstructing attacker timelines from raw evidence. You are expected to know what you are looking at without being told, and to be faster and more thorough than the analysts escalating to you.
Core Responsibilities
Escalation Handling & Incident Leadership
- Receive and own L2 escalations across all severity levels; take over technical lead role on Sev2+
- Scope incidents accurately and quickly: determine blast radius, affected assets, and attacker objectives from available telemetry
- Make and document containment decisions — endpoint isolation, account suspension, token revocation, network block — with clear rationale
- Maintain a forensically sound incident timeline: ordered evidence, source attribution, and chain-of-custody throughout
- Communicate incident status to the Security Operations Manager with enough fidelity to brief upward without needing to re-investigate
- Drive incidents to documented closure: root cause, attacker path, affected assets, and defensive gaps identified
Host & Endpoint Forensics
- Perform deep-dive endpoint triage via EDR: process tree analysis, remote artifact collection, behavioral event review, and custom detection rule evaluation
- Reconstruct attacker activity from Windows forensic artifacts: Prefetch, Shimcache, Amcache, MFT, $UsnJrnl, event logs (4624, 4688, 4698, 7045), and registry hives
- Analyze Linux host artifacts: bash history, cron jobs, /tmp and /var/log contents, SUID binaries, and persistence mechanisms
- Perform memory forensics when warranted: process injection, credential extraction artifacts, and in-memory malware indicators
- Extract and analyze malware samples statically and dynamically: PE header review, strings, YARA matching, and sandbox detonation interpretation