Nationality
Any nationality
Gender
Not specified
Number of vacancies
1
Job description
Roles and responsibilities
Incident Detection & Response
- Monitor and respond to security incidents within defined SLAs
- Perform detailed analysis of security events and incidents to determine scope, impact, and severity
- Investigate alerts and escalate incidents as required to ensure timely resolution
- Coordinate response efforts across internal teams and stakeholders
Threat Analysis & Investigation
- Conduct threat analysis to identify indicators of compromise (IoCs), attack vectors, and system vulnerabilities
- Investigate suspected security breaches, attacks, and anomalous activities
- Perform root cause analysis to identify entry points and affected systems
- Escalate incidents requiring advanced investigation to digital forensics teams where applicable
Incident Containment & Remediation
- Identify and implement containment and eradication measures to mitigate security incidents
- Support recovery actions to restore affected systems and services
- Ensure proper closure of incidents and documentation of actions taken
- Participate in post-incident reviews to identify lessons learned and improvement areas
Process & Capability Development
- Support the development and enhancement of incident response processes, procedures, and playbooks
- Contribute to improving SOC incident handling capabilities and operational efficiency
- Assist in developing investigation frameworks and incident management best practices
Documentation & Reporting
- Maintain accurate records of incidents, investigations, and remediation activities using ticketing systems
- Prepare detailed incident reports, documentation, and analysis summaries
- Track incident trends and provide insights to improve security posture
Stakeholder Coordination
- Collaborate with internal teams including SOC, infrastructure, and security engineering teams
- Coordinate with multiple stakeholders to ensure effective execution of incident response plans
- Communicate incident status, risks, and actions clearly to relevant stakeholders
Required candidate profile
The Incident Handler is responsible for monitoring, investigating, and responding to security incidents to protect organizational systems, data, and infrastructure. The role plays a critical part in identifying threats, containing incidents, and driving remediation efforts while ensuring adherence to defined service levels and incident response procedures.
Working within a Security Operations Center (SOC) environment, the Incident Handler collaborates with cross-functional teams to investigate security events, perform root cause analysis, and strengthen incident response capabilities. The role also contributes to the continuous improvement of incident management processes, playbooks, and security posture.
- 2-4 years of experience in SOC operations, incident response, or cybersecurity monitoring roles
- Hands-on experience in incident handling, threat analysis, and security investigations
- Bachelor's degree in Computer Science, Information Security, or a related field
- Relevant certifications are preferred, such as: CISSP, CISM, SANS / GIAC
- Ability to work in a 24/7 SOC environment, including shift rotations if required
- Strong interest in cybersecurity trends, threat intelligence, and evolving attack techniques
- Commitment to continuous learning and professional development in cybersecurity
Company industry
- Information Technology - Software Services
Job function / Department
- IT Software
Keywords
- Incident Handler