69 Threat Analyst jobs in Ireland

Insider Threat Analyst

Leinster, Leinster €60000 - €100000 Y TEKsystems

Posted today

Job Description

Job Title: Insider Threat Analyst
Job Description
Join a dynamic team at a leading multinational company that specialises in electronic design automation, focusing on the design and verification of silicon chips and electronic systems. This opportunity allows you to play a pivotal role in safeguarding the integrity of cutting-edge technology in a globally recognised organisation.

Responsibilities

  • Utilise advanced monitoring tools and techniques to detect suspicious activities, anomalies, or deviations from normal behaviour within the organisation's network and systems.
  • Analyse data logs, user activities, and access patterns to identify potential insider threats, unauthorised access, or malicious behaviour.
  • Conduct thorough investigations into suspected insider threats, including gathering evidence, conducting interviews, and collaborating with relevant stakeholders.
  • Perform in-depth analysis of security incidents to determine root causes, motives, and potential impact on the organisation's operations and assets.
  • Experience performing threat hunting in a corporate environment.
  • Experience working with large data sets and log analysis tools.
  • Ability to apply Cyber Threat Intelligence through enrichment, correlation, and attribution.
  • Assess the severity and potential impact of insider threats on the organisation's critical assets, data, and operations.
  • Develop and implement proactive strategies, policies, and controls to mitigate insider threats and minimise security risks.
  • Prepare detailed reports and presentations on insider threat incidents, trends, and mitigation strategies for executive management and relevant stakeholders.
  • Communicate effectively with cross-functional teams, including IT, HR, legal, and compliance, to ensure alignment and coordination in addressing insider threat concerns.

Essential Skills

  • Proficiency in threat hunting, inventory management, and incident response.
  • Experience with monitoring tools and SIEM (Security Information and Event Management).
  • Strong ability in cyber threat analysis and application of Cyber Threat Intelligence.

Additional Skills & Qualifications

  • Experience in handling large data sets and using log analysis tools.

Why Work Here?
Become a part of an industry-leading, global software company with a significant market cap. Enjoy the flexibility of a remote role while working within a global team. This position offers the potential to transition into a permanent role, providing long-term career growth opportunities.

Work Environment
This role is remote, allowing for work flexibility and balance. Engage with a globally diverse team, utilising advanced technology and tools to protect the organisation's critical assets. The company values innovation, collaboration, and continuous improvement, providing a conducive environment for professional growth.

Job Type & Location
This is a Contract position based out of Dublin, Ireland.

Location

Dublin, Ireland

Trading as TEKsystems. Allegis Group Limited. Level 1, The Chase, Carmanhall Road, Sandyford, Dublin 18, Ireland. No TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at

To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go to

We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice at for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. If you are resident in the UK, EEA or Switzerland, we will process any access request you make in accordance with our commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.

Threat Operations Analyst

Leinster, Leinster €40000 - €80000 Y Kaseya

Posted today

Job Description

Kaseya is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya's best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Venture Partners, a leading global private equity firm investing in high-growth technology and software companies that drive transformative change in the industries they serve.

Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more about our company and our award-winning solutions, go to and for more information on Kaseya's culture.

Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers.

WHAT YOU'LL DO:
As a cutting-edge technology company, we are searching for a talented junior or mid-level threat detection analyst to join our exceptional team. Kaseya is a leader in delivering groundbreaking solutions that empower businesses to thrive in the digital age. You should be a technical contributor who will investigate and contribute to the enhancement of security alerting. In this position, you will be responsible for triaging, coordinating, and executing initiatives that improve the security posture of Kaseya's platforms. You will be responsible for handling security alerts, enhancing documentation, and defending against potential threats that could disrupt operations or compromise sensitive information.

WHAT WE ARE LOOKING FOR:
As a Threat Detection Analyst at Kaseya, you will play a crucial role in safeguarding our organization's digital infrastructure from potential threats externally and internally. You will collaborate with experienced professionals to expand your skills and knowledge in the field of cybersecurity.

Prior experience as a cyber security analyst is highly preferred but contributors to the industry are also considered. The candidate must have experience and demonstrate capability in one domain. This person must have effective communication and project management skills.

We ideally want to see your passion come through and know you have established a level of understanding of the work needed.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Investigate and respond to security alerts.
  • Continuous monitoring of networks and systems.
  • High Value Assets (HVAs) monitoring to ensure their security and integrity.
  • Event categorization and prioritization based on severity and impact.
  • Document security events and manage the workflow for incident alerting and sorting for additional investigation.
  • Contribute to the enhancement of the program and detections.
  • Coordinate with stakeholders and partnering teams

General Qualifications And Experience

  • Bachelor's degree in any field
  • Relevant paid or free certifications such as BTL1, SEC+, SSCP, GISF, GSEC, GSOC, AttackIQ Academy, Microsoft Certified: Security Compliance and Identity Fundamentals.
  • Cross domain certifications preferred: CCNP, Network+, Linux+, CISA.
  • Home lab or cyber security community involvement.

WHAT YOU'LL BRING:

  • Accurately and consistently perform triage, review, and handling of the Security Operations Center service catalog deliverables.
  • Beginner domain knowledge covering common facets for duties and responsibilities.
  • Learning professional concepts and best practices.
  • 0-2 years of experience in cybersecurity, information security, or related field
  • At least a year of experience with community involvement and/or home lab projects.
  • A constant elevated level of curiosity, passion, and innovation to the security team.

Join the Kaseya growth rocket ship and see how we are #ChangingLives

Additional Information
Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.

Threat Operations Analyst

Dublin, Leinster €40000 - €80000 Y Kaseya Careers

Posted today

Job Description

Kaseya is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya's best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Venture Partners, a leading global private equity firm investing in high-growth technology and software companies that drive transformative change in the industries they serve.

Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more about our company and our award-winning solutions, go to and for more information on Kaseya's culture.

Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers.

WHAT YOU'LL DO:

As a cutting-edge technology company, we are searching for a talented junior or mid-level threat detection analyst to join our exceptional team. Kaseya is a leader in delivering groundbreaking solutions that empower businesses to thrive in the digital age. You should be a technical contributor who will investigate and contribute to the enhancement of security alerting. In this position, you will be responsible for triaging, coordinating, and executing initiatives that improve the security posture of Kaseya's platforms. You will be responsible for handling security alerts, enhancing documentation, and defending against potential threats that could disrupt operations or compromise sensitive information.

WHAT WE ARE LOOKING FOR:

As a Threat Detection Analyst at Kaseya, you will play a crucial role in safeguarding our organization's digital infrastructure from potential threats externally and internally. You will collaborate with experienced professionals to expand your skills and knowledge in the field of cybersecurity.

Prior experience as a cyber security analyst is highly preferred but contributors to the industry are also considered. The candidate must have experience and demonstrate capability in one domain. This person must have effective communication and project management skills.

We ideally want to see your passion come through and know you have established a level of understanding of the work needed.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Investigate and respond to security alerts.

  • Continuous monitoring of networks and systems.

  • High Value Assets (HVAs) monitoring to ensure their security and integrity.

  • Event categorization and prioritization based on severity and impact.

  • Document security events and manage the workflow for incident alerting and sorting for additional investigation.

  • Contribute to the enhancement of the program and detections.

  • Coordinate with stakeholders and partnering teams

GENERAL QUALIFICATIONS AND EXPERIENCE

  • Bachelor's degree in any field

  • Relevant paid or free certifications such as BTL1, SEC+, SSCP, GISF, GSEC, GSOC, AttackIQ Academy, Microsoft Certified: Security Compliance and Identity Fundamentals.

  • Cross domain certifications preferred: CCNP, Network+, Linux+, CISA.

  • Home lab or cyber security community involvement.

WHAT YOU'LL BRING:

  • Accurately and consistently perform triage, review, and handling of the Security Operations Center service catalog deliverables.

  • Beginner domain knowledge covering common facets for duties and responsibilities.

  • Learning professional concepts and best practices.

  • 0-2 years of experience in cybersecurity, information security, or related field

  • At least a year of experience with community involvement and/or home lab projects.

  • A constant elevated level of curiosity, passion, and innovation to the security team.

Join the Kaseya growth rocket ship and see how we are #ChangingLives

Additional information

Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.

Cyber Incident response

Leinster, Leinster €90000 - €120000 Y Realtime Recruitment

Posted today

Job Description

Cyber Incident Response & Engineering Lead – Dublin (Hybrid)
We're hiring a Cyber Security Incident Response & Engineering Lead to help guide our enterprise-level Security Operations Centre. You'll lead both incident response and detection engineering efforts, mentoring a team and owning tooling across SIEM, SOAR, and EDR platforms.

What You'll Do

  • Lead response to major security incidents across multiple clients
  • Own SIEM/SOAR/EDR architecture and tuning
  • Run tabletop exercises and post-incident reviews
  • Mentor and support SOC analysts and engineers
  • Drive continuous improvement across tooling and workflows

What You'll Bring

  • 5+ years in cyber security, with incident response leadership
  • Strong hands-on experience with SIEM, SOAR, EDR platforms
  • Ability to guide and mentor a team
  • Knowledge of MITRE ATT&CK, kill chains, forensic investigation
  • Clear communicator under pressure

Apply today or email

therealrecruiter #IncidentResponse #SIEM #SOAR #SOCLeadership #CyberJobs

Security Incident Response Analyst

Leinster, Leinster €60000 - €90000 Y Kaseya Software India Pvt Ltd

Posted today

Job Description

Kaseya is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya's best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Venture Partners, a leading global private equity firm investing in high-growth technology and software companies that drive transformative change in the industries they serve.

Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more about our company and our award-winning solutions, go to and for more information on Kaseya's culture.

Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers.

Threat Response Analyst – Mid-Level
About Kaseya
Kaseya is the leading provider of complete IT Infrastructure and Security Management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide. Our award-winning technologies allow organizations to efficiently manage and secure IT to drive sustained business success.

Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. Kaseya has achieved sustained, strong double-digit growth and is backed by Insight Partners, a global private equity firm investing in high-growth technology and software companies. Learn more at

What You'll Do
As a Threat Response Analyst, you will:

  • Act as a frontline incident responder, leading containment, eradication, and recovery for confirmed threats
  • Perform advanced threat hunting across enterprise environments to proactively detect adversarial activity
  • Conduct in-depth malware analysis using static and dynamic techniques
  • Manage escalations from junior analysts and provide mentorship and technical guidance
  • Correlate events across multiple data sources (SIEM, EDR, network logs, cloud platforms) to identify sophisticated attack patterns
  • Deliver clear, actionable incident reports and executive-level summaries
  • Collaborate with cross-functional teams to ensure remediation and long-term risk reduction
  • Contribute to playbook development, threat intelligence enrichment, and detection rules to enhance SOC capabilities

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience
  • 3–5 years of hands-on experience in cybersecurity operations, incident response, or threat analysis
  • Prior experience in a SOC or IR role with expertise in at least two domains: incident response, malware analysis, threat hunting, digital forensics, or security engineering
  • Proficiency with SIEMs, EDR, and network forensic tools (e.g., Splunk, Sentinel, CrowdStrike, Carbon Black)
  • Familiarity with common attacker TTPs and frameworks (MITRE ATT&CK, NIST CSF)
  • Relevant certifications preferred: GCFR, GCIH, GCIA, Microsoft SC-200, CCNP Security, Linux+, CISA
  • Strong ability to communicate technical details to both technical teams and executive leadership
  • Experience leading small projects or initiatives within a SOC/CIRT team is highly desirable

What You'll Bring

  • Deep technical knowledge of security concepts, threats, and incident response best practices
  • Ability to independently investigate, analyze, and resolve complex security incidents
  • Experience with scripting or automation (Python, PowerShell, Bash) to accelerate investigations is a plus
  • A proactive mindset with a strong interest in continuous learning and awareness of the threat landscape

Join the Kaseya growth rocket ship and see how we are #ChangingLives

Additional Information
Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.

Security Incident Response Analyst

Dublin, Leinster €60000 - €120000 Y Kaseya

Posted today

Job Description

Kaseya is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya's best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Venture Partners, a leading global private equity firm investing in high-growth technology and software companies that drive transformative change in the industries they serve.

Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more about our company and our award-winning solutions, go to and for more information on Kaseya's culture.

Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers.

Threat Response Analyst – Mid-Level

ABOUT KASEYA

Kaseya is the leading provider of complete IT Infrastructure and Security Management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide. Our award-winning technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Partners, a leading global private equity firm investing in high-growth technology and software companies that drive transformative change.

Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more, visit

WHAT YOU'LL DO

We are seeking a skilled Threat Response Analyst with proven experience in cybersecurity operations and incident response. In this role, you will take ownership of advanced investigations, lead containment and eradication efforts, and provide expert guidance to both technical and non-technical stakeholders. You will work as part of our Cybersecurity Incident Response Team (CIRT), proactively hunting for threats, analyzing malicious activity, and strengthening the security posture of our global organization.

Key Responsibilities
  • Act as a frontline incident responder, leading containment, eradication, and recovery for confirmed threats.
  • Perform advanced threat hunting across enterprise environments to proactively detect adversarial activity.
  • Conduct in-depth malware analysis using both static and dynamic techniques to assess and mitigate risks.
  • Manage escalations from junior analysts and provide mentorship, technical direction, and quality review.
  • Correlate events across multiple data sources (SIEM, EDR, network logs, cloud platforms) to identify sophisticated attack patterns.
  • Deliver clear, actionable incident reports and executive-level summaries.
  • Collaborate with cross-functional teams (infrastructure, application, compliance) to ensure remediation and long-term risk reduction.
  • Contribute to the development of playbooks, threat intelligence enrichment, and detection rules to enhance SOC capabilities.

WHAT WE ARE LOOKING FOR

We're looking for an experienced cybersecurity professional who thrives in fast-paced environments and can operate with minimal supervision. The ideal candidate combines strong technical expertise with sharp analytical thinking and excellent communication skills.

Qualifications
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience.
  • 3–5 years of hands-on experience in cybersecurity operations, incident response, or threat analysis.
  • Prior experience in a SOC or IR role with demonstrated capability in at least two domains (incident response, malware analysis, threat hunting, digital forensics, or security engineering).
  • Proficiency with SIEMs, EDR, and network forensic tools (e.g., Splunk, Sentinel, CrowdStrike, Carbon Black).
  • Familiarity with common attacker TTPs and frameworks (MITRE ATT&CK, NIST CSF).
  • Relevant certifications preferred: GCFR, GCIH, GCIA, Microsoft SC-200, CCNP Security, Linux+, CISA.
  • Strong ability to communicate technical details to both technical teams and executive leadership.
  • Experience leading small projects or initiatives within a SOC/CIRT team is highly desirable.

WHAT YOU'LL BRING
  • Deep technical knowledge of security concepts, threats, and incident response best practices.
  • Ability to independently investigate, analyze, and resolve complex security incidents.
  • Experience with scripting or automation (Python, PowerShell, Bash) to accelerate investigations is a plus.
  • A proactive mindset with a strong interest in continuous learning and threat landscape awareness.

Join the Kaseya growth rocket ship and see how we are #ChangingLives

Additional information

Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.

Incident Response Recovery Engineer

Cork, Munster Arctic Wolf

Posted today

Job Description

At Arctic Wolf, we're not just navigating the cybersecurity landscape - we're redefining it. Our global team of dedicated Pack members is driving innovation and setting new industry standards every day. Our impact speaks for itself: we've earned recognition on the Forbes Cloud 100, CNBC Disruptor 50, Fortune Future 50, and Fortune Cyber 60 lists, and we recently took home the 2024 CRN Products of the Year award. We're proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and earning a Customers' Choice distinction from Gartner Peer Insights. Our Aurora Platform also received CRN's Products of the Year award in the inaugural Security Operations Platform category. Join a company that's not only leading, but also shaping, the future of security operations.

Our mission is simple: End Cyber Risk. We're looking for an Incident Response Recovery Engineer in Cork to be part of making this happen.

General Responsibilities

  • Participate in escalations during weekdays and be on-call during weekends/holidays
  • Conduct audits and peer reviews of incident reports
  • Encourage information sharing and collaboration

Technical Skills & Duties

  • Assist in rebuilding Active Directory domains/networks after an attack by restoring from backups, using decryption tools, etc.
  • Troubleshoot common domain technologies like DHCP and DNS
  • Configure hypervisors, backup systems, firewalls, and other network tech
  • Collect relevant evidence from local and cloud environments, including Windows/Linux hosts and network telemetry sources
  • Execute all aspects of Business Email Compromise (BEC) investigations—scoping, data collection/analysis, reporting
  • Recover data from affected systems using various recovery techniques/technologies

Client Communication & Support

  • Liaise with the client's technical staff throughout the recovery process
  • Communicate findings at both executive and technical levels—verbally and in writing—with support from senior team members as needed

Key Competencies

  • System administration and troubleshooting
  • Active Directory configuration
  • Network design and infrastructure
  • Virtualisation technologies

Minimum Qualifications

  • At least 3 years' professional experience in recovery, troubleshooting, configuration, and network maintenance (e.g., Restoration & Remediation Engineer, Post Breach Remediation Consultant, System Administrator, or similar)
  • Availability to respond and work outside normal business hours
  • Routine expertise in setting up new domain controllers, seizing FSMO roles, DNS troubleshooting, restoring SYSVOL, and rebuilding DFSR or FRS
  • Proficient in network configuration/troubleshooting, deployment-management systems, and imaging solutions
  • Familiarity with firewalls, VPNs, Active Directory, Group Policies, Linux and Windows systems
  • Basic knowledge of hypervisors like ESXi/VMware or Hyper-V
  • Business-fluent in English
  • Eligible to work in Ireland, no immigration support provided

Preferred Qualifications

  • Bachelor's degree in Information Security, Digital Forensics, Computer Science, or related field
  • Familiarity with backup solutions such as VEEAM, Datto, Barracuda, etc.
  • Knowledge of attacker-provided decryption tools
  • Experience automating tasks with PowerShell, Python, or another suitable scripting language

About Arctic Wolf
At Arctic Wolf, we foster a collaborative and inclusive work environment that thrives on diversity of thought, background, and culture. This is reflected in our multiple awards, including Top Workplace USA, Best Places to Work – USA, Great Place to Work – Canada, Great Place to Work – UK (2024), and Kununu Top Company – Germany. Our commitment to bold growth and shaping the future of security operations is matched by our dedication to customer satisfaction, with over 7,000 customers worldwide and more than 2,000 channel partners globally. As we continue to expand globally and enhance our technology, Arctic Wolf remains the most trusted name in the industry.

Our Values
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people's and organizations' sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good.

We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.

We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.

All Wolves Receive Compelling Compensation And Benefits Packages, Including

  • Equity for all employees
  • 28 days annual leave, 10 public holidays and paid volunteering days off
  • Comprehensive private benefits plan including medical, mental health, dental, disability, and value-added services
  • Pension Plan with employer contribution
  • Robust Employee Assistance Program (EAP) with mental health service
  • Employee Discount Program with Beneplace

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing

On-Camera Policy

To support a fair, transparent, and engaging interview experience, candidates interviewing remotely are expected to be on camera during all video interviews.

Being on camera fosters authentic connection, improves communication, and allows for full engagement from both candidates and interviewers.

We understand that in some cases, candidates may face technical, bandwidth, or location-related challenges that limit their ability to use video. If this applies to you, please let us know in advance so we can consider appropriate accommodations or find an alternative solution.

Security Requirements

  • Conducts duties and responsibilities in accordance with AWN's Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).
  • Background checks are required for this position.
  • This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations ("EAR"). Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations.

Cyber Security Incident Response Specialist

Tralee, Munster €90000 - €120000 Y Sumitomo Group

Posted today

Job Description

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

  • This is a hybrid role, requiring the successful candidate to attend our Tralee office.
Role Description

As a Cyber Incident Response Analyst, you will be a key part of a high performing SOC team, with a desire to continually improve and advance our capabilities to protect SMBC Group. You will bring your passion for Cybersecurity to a team of like-minded professionals and leverage this passion to ensure our monitoring and response capabilities are effective and efficient and that we keep pace with a rapidly changing threat landscape.

You will relish your core role in supporting the monitoring and response of cyber security alerts and incidents by digging into and investigating them to find the root cause and identifying the gap in controls that allowed a threat to reach that point in the kill chain. If you identify an incident, you will lead that technical analysis, tracking down the actions of that threat actor as part of the incident response, while supported by the wider Incident response process and members of the SOC and CSIRT teams. If you identify a false positive, you will drive the effort to tune or refine our detections, or to drive improvements to our preventative controls to prevent a recurrence, freeing more time for the SOC to focus on improving our skills and capabilities. With your knowledge and expertise, you will develop and hone the SOC through work-product review, mentoring, and ownership of projects to develop the technical capabilities of the SOC.

As part of a wider team of SOC analysts, you are able to focus on an area you are passionate about, or if sufficiently experienced, take the lead. You will develop deep expertise and expand our capabilities in domains ranging from across Purple Teaming, Threat hunting, Digital Forensics and Incident Response (DFIR), Security Automation, Detection Engineering and Threat Intelligence and share this knowledge to develop the depth of knowledge of the SOC. As part of a Financial Group with offices and data centers across the Globe, you will have access and exposure to leading technologies and tools. If there is a gap in our toolset, you can help us identify and bridge that gap by acting as Subject Matter Expert to do so. You will bring fresh ideas, challenge the status quo, and seek always to answer - how can we improve?

This role is best suited for candidates who enjoy and have experience within SOC or CSIRT teams and enjoy investigating and finding the root of an issue or incident and working on getting the most from leading edge security toolsets and platforms and processes. Candidates who excel will think critically to find ways to resolve security challenges. This role would suit an experienced and self-motivated cyber security professional with strong technical skills and knowledge combined with a passion for cyber security.

Note: Expectation is to be onsite once a month for this role.

Role Objectives
  • Act as technical lead in the development and enhancement of capabilities such as Cyber Monitoring & Response/Purple Teaming/Threat Hunting/Digital Forensics/Incident Response
  • Act as an escalation point for the analysis of security alerts or technical response to security events and incidents
  • Review and guide the SOC personnel for well-written, complete, and thorough analysis
  • Mentor and guide more junior SOC personnel sharing your knowledge and expertise.
  • Develop and improve monitoring & response playbooks.
  • Conduct proactive threat hunting and DFIR activities.
  • Develop deep expertise in our monitoring systems and technology to act as an SME in working with our detection engineering and automation teams to enhance our abilities to prevent, detect & respond.
  • Identify and test new adversary TTPs and our ability to detect and respond to them.
  • Identify opportunities for efficiency, work hand in hand with Security Automation team to automate and improve our response processes.
  • Assist in the implementation and ongoing support of security systems, acting as an SME for SOC related projects.
  • Execute tasks or support projects to enhance team's capabilities.
  • Assist in defining SOC requirements for information technology projects.
  • Act as a role model and set the standard for technical analysis within the SOC.
  • Providing strong mentorship and guidance to more junior SOC team members by acting and leading by example. Bring a positive outlook and seek to motivate and inspire your fellow team members.
  • Demonstrate comprehensive understanding of cyber security best practices, risk vectors, mitigation techniques and protection software. Display knowledge of network security concepts and tools such as firewalls, proxy servers, email security and suspicious traffic flows. Exhibit analytical ability to lead incident response and mitigation efforts as well as identify key areas for improvement from post-incident analysis. Show ability to convey cyber security policies and concepts to employees and lead training efforts to ensure all employees follow recommended best practices relating to cyber security.
  • Strong understanding of MITRE ATT&CK, Cyber Kill Chain and similar frameworks.
  • Strong knowledge of security controls related to the detection, analysis, and response (SIEM, EDR, NDR, XDR, UEBA).
  • Strong knowledge of Windows and Linux systems, Active Directory, Cloud technologies.
Qualifications and Skills
  • 5+ years of cyber security experience required, ideally in a SOC, DFIR, or CSIRT role.
  • Strong verbal and written communication skills with experience in documenting their work to a high level.
  • Professional Certifications an advantage but not essential if have requisite role knowledge, GCIH, GNFA, GFCA, Certified Ethical Hacker (CEH), OSCP, CISSP or similar certifications a plus.
  • Must be self-directed with the ability to work independently.
  • Ability to multi-task and remain productive in a service-driven and results oriented environment.
  • Demonstrated strong organizational, analytical, and problem-solving skills.
Additional Requirements

SMBC's employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know

Cyber Incident Response Engineer Lead

Leinster, Leinster €70000 - €120000 Y GCS

Posted today

Job Description

I am looking for an accomplished cyber security leader to head up incident response and operational security functions within a fast-paced, enterprise-scale environment. You will oversee a dedicated team responsible for monitoring, detecting, investigating, and responding to threats 24/7, while working closely with senior stakeholders across the business to ensure rapid, effective action against risks.

Key Responsibilities

  • Build and maintain a robust incident response framework, ensuring readiness through training, simulations, and tabletop exercises.
  • Direct the resolution of high-severity incidents, coordinating IT, legal, HR, and communications teams as required.
  • Lead investigations, including endpoint analysis, network traffic review, malware examination, log correlation, and digital forensics.
  • Drive continuous improvement with root cause analysis, lessons learned, and implementation of corrective measures.
  • Oversee and optimise security technologies (SIEM, EDR/XDR, SOAR), ensuring integration and automation for efficiency.
  • Collaborate with monitoring teams to triage alerts, identify genuine threats, and prioritise remediation.
  • Provide leadership, mentoring, and career development support to the incident response team.
  • Contribute to the design and implementation of security controls and enterprise architecture improvements.
  • Ensure operational security practices comply with recognised frameworks and regulatory standards.

Skills & Experience

  • 5+ years in senior security operations or incident response leadership roles.
  • Strong expertise in threat detection, containment, and digital investigation.
  • Hands-on knowledge of SIEM, SOAR, and EDR/XDR platforms within enterprise environments.
  • Experience in vulnerability management, insider threat detection, and data protection.
  • Familiarity with MITRE ATT&CK and other cyber defence models.
  • Proficiency in at least one scripting language (Python, PowerShell, etc.) for automation.
  • Solid understanding of network security, cloud platforms, and enterprise operating systems.
  • Security certifications (GCFA, GCFE, GCIH, CISSP, or equivalent) highly regarded.
  • Skilled communicator, able to engage effectively with both technical teams and senior executives.
  • Previous exposure to managed or shared security services is an advantage.

Cyber Security Incident Response Specialist

Tralee, Munster SMBC

Posted 8 days ago

Job Description

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
  • This is a hybrid role, requiring the successful candidate to attend our Tralee office.
Role Description

As a Cyber Incident Response Analyst, you will be a key part of a high performing SOC team, with a desire to continually improve and advance our capabilities to protect SMBC Group. You will bring your passion for Cybersecurity to a team of like-minded professionals and leverage this passion to ensure our monitoring and response capabilities are effective and efficient and that we keep pace with a rapidly changing threat landscape.
You will relish your core role in supporting the monitoring and response of cyber security alerts and incidents by digging into and investigating them to find the root cause and identifying the gap in controls that allowed a threat to reach that point in the kill chain. If you identify an incident, you will lead that technical analysis, tracking down the actions of that threat actor as part of the incident response, while supported by the wider Incident response process and members of the SOC and CSIRT teams. If you identify a false positive, you will drive the effort to tune or refine our detections, or to drive improvements to our preventative controls to prevent a recurrence, freeing more time for the SOC to focus on improving our skills and capabilities. With your knowledge and expertise, you will develop and hone the SOC through work-product review, mentoring, and ownership of projects to develop the technical capabilities of the SOC.
As part of a wider team of SOC analysts, you are able to focus on an area you are passionate about, or if sufficiently experienced, take the lead. You will develop deep expertise and expand our capabilities in domains ranging from across Purple Teaming, Threat hunting, Digital Forensics and Incident Response (DFIR), Security Automation, Detection Engineering and Threat Intelligence and share this knowledge to develop the depth of knowledge of the SOC. As part of a Financial Group with offices and data centers across the Globe, you will have access and exposure to leading technologies and tools. If there is a gap in our toolset, you can help us identify and bridge that gap by acting as Subject Matter Expert to do so. You will bring fresh ideas, challenge the status quo, and seek always to answer - how can we improve?
This role is best suited for candidates who enjoy and have experience within SOC or CSIRT teams and enjoy investigating and finding the root of an issue or incident and working on getting the most from leading edge security toolsets and platforms and processes. Candidates who excel will think critically to find ways to resolve security challenges. This role would suit an experienced and self-motivated cyber security professional with strong technical skills and knowledge combined with a passion for cyber security.
Note: Expectation is to be onsite once a month for this role.

Role Objectives
  • Act as technical lead in the development and enhancement of capabilities such as Cyber Monitoring & Response/Purple Teaming/Threat Hunting/Digital Forensics/Incident Response
  • Act as an escalation point for the analysis of security alerts or technical response to security events and incidents
  • Review and guide the SOC personnel for well-written, complete, and thorough analysis
  • Mentor and guide more junior SOC personnel sharing your knowledge and expertise.
  • Develop and improve monitoring & response playbooks.
  • Conduct proactive threat hunting and DFIR activities.
  • Develop deep expertise in our monitoring systems and technology to act as an SME in working with our detection engineering and automation teams to enhance our abilities to prevent, detect & respond.
  • Identify and test new adversary TTPs and our ability to detect and respond to them.
  • Identify opportunities for efficiency, work hand in hand with Security Automation team to automate and improve our response processes.
  • Assist in the implementation and ongoing support of security systems, acting as an SME for SOC related projects.
  • Execute tasks or support projects to enhance team's capabilities.
  • Assist in defining SOC requirements for information technology projects.
  • Act as a role model and set the standard for technical analysis within the SOC.
  • Providing strong mentorship and guidance to more junior SOC team members by acting and leading by example. Bring a positive outlook and seek to motivate and inspire your fellow team members.
  • Demonstrate comprehensive understanding of cyber security best practices, risk vectors, mitigation techniques and protection software. Display knowledge of network security concepts and tools such as firewalls, proxy servers, email security and suspicious traffic flows. Exhibit analytical ability to lead incident response and mitigation efforts as well as identify key areas for improvement from post-incident analysis. Show ability to convey cyber security policies and concepts to employees and lead training efforts to ensure all employees follow recommended best practices relating to cyber security.
  • Strong understanding of MITRE ATT&CK, Cyber Kill Chain and similar frameworks.
  • Strong knowledge of security controls related to the detection, analysis, and response (SIEM, EDR, NDR, XDR, UEBA).
  • Strong knowledge of Windows and Linux systems, Active Directory, Cloud technologies.
Qualifications and Skills
  • 5+ years of cyber security experience required, ideally in a SOC, DFIR, or CSIRT role.
  • Strong verbal and written communication skills with experience in documenting their work to a high level.
  • Professional Certifications an advantage but not essential if have requisite role knowledge, GCIH, GNFA, GFCA, Certified Ethical Hacker (CEH), OSCP, CISSP or similar certifications a plus.
  • Must be self-directed with the ability to work independently.
  • Ability to multi-task and remain productive in a service-driven and results oriented environment.
  • Demonstrated strong organizational, analytical, and problem-solving skills.
Additional Requirements

SMBC's employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.
SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at
EOE, including Disability/veterans