Assistant Manager, Cybersecurity Incident Response

We are currently partnering with a leading technology-driven telecommunications organization that is scaling rapidly to support new digital initiatives and platforms. As part of this expansion, multiple roles are open across key functions to help build, maintain, and enhance next-generation solutions.

This opportunity offers exposure to large-scale systems, innovative technologies, and a collaborative environment where skills and ideas make a real impact. Accountabilities: End-to-end management of cybersecurity incidents, ensuring timely detection, triage, investigation, and resolution Achieving and maintaining target MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) benchmarks.

Effective administration and optimization of the Elastic SIEM platform, including rule creation, tuning, and integrations. Development of accurate and relevant detection use cases aligned with evolving threat patterns and organizational needs. Ensuring timely escalation and coordination with internal and external stakeholders during major incidents.

Providing transparent and comprehensive incident reporting to leadership and relevant teams. Drive operational excellence through monitoring, alerting, timely investigation and continuous fine tuning the alerts Partner with Data Engineering, Architecture, Security, Infrastructure & Tooling teams to ensure aligned technical cyber security discussions

Responsibilities

• Monitor, triage, and investigate alerts from multiple log sources (network, endpoint, cloud, and application). Create, refine, and manage SIEM detection rules to capture the latest attack patterns.
• Conduct log analysis and event correlation to identify potential intrusions or malicious behavior.
• Drive use case ideation and validation to improve threat detection coverage and accuracy.
• Manage and maintain Elastic Stack components (Elasticsearch, Logstash, Kibana, Beats) for operational efficiency.
• Lead integration efforts with tools such as EDR, firewalls, cloud platforms, and ticketing systems.
• Collaborate with IT, Network, and Cloud teams for incident follow-up, containment, and recovery.
• Present incident findings, root cause analyses, and remediation plans to key stakeholders (internal leadership and external partners). Document and enhance incident response playbooks and standard operating procedures (SOPs). Conduct post-incident reviews and implement lessons learned to strengthen the organization's security posture.

Requirements

• 5-8 years of experience in Security Operations Center (SOC), Incident Response, or Detection Engineering roles.
• Proven success in SIEM administration, particularly Elastic Stack (ELK) environments.
• Hands-on expertise in incident triage, log analysis, and detection rule engineering.
• Demonstrated ability to design and operationalize MITRE ATT&CK-aligned use cases.
• Experience in cross-department collaboration and incident coordination with IT and business teams.
• Strong presentation and communication experience in stakeholder-level incident discussions.
• Relevant certifications such as CISSP,
• GCIH, GCIA, CEH, or Elastic Certified Engineer preferred.