ARHS

Cybersecurity Incident Responder

ARHS · Warsaw, Masovian Voivodeship, Poland

IT Services and IT Consulting · 1,001-5,000 employees

10 h ago
Senior (5-10 yrs) Full-time Poland
Log in to apply, save this posting, or score it against your profile with AI.

About the role

Lead and support the full lifecycle of cybersecurity incident investigations, including detection, containment, and mitigation across enterprise environments. Develop and maintain incident response plans, playbooks, and operational processes to improve organizational resilience.

What they look for

Incident Response Cybersecurity Investigation SIEM XDR NDR Threat Intelligence Vulnerability Management Digital Forensics SOC Operations Network Security Operating System Hardening Incident Triage Compliance Reporting Root Cause Analysis CSIRT Collaboration Security Control Evaluation

Requirements

Requires a minimum of 8 years of experience in cybersecurity incident response or security operations. Candidates must possess strong technical knowledge of attack techniques, forensic tools, and the ability to obtain EU Restricted security clearance.

Full description

Company Description

Arηs Group, Part of Accenture, specializes in the management of complex public sector IT projects, including systems integration, informatics and analytics, solution implementation and program management. Our team helps lead clients through digital and information systems design, bringing expertise in a variety of areas ranging from software development, data science and security management to machine learning, cloud, and mobile development.

Arηs Group was acquired by Accenture in July 2024.

Job Description

  • Contribute to the development, maintenance, testing and continuous improvement of the organization’s Incident Response Plan and incident handling capabilities
  • Develop, implement and assess incident response procedures, playbooks, workflows and operational processes
  • Identify, analyze, contain, mitigate and communicate cybersecurity incidents across enterprise environments
  • Lead and support technical cybersecurity incident investigations throughout all phases of the incident response lifecycle
  • Collect, analyze and correlate cyber threat information originating from multiple sources to determine incident impact, scope and root cause
  • Perform incident triage activities and assess reported security alerts to determine appropriate response actions
  • Monitor, investigate and respond to security events identified through Security Operations Centre (SOC) capabilities and cybersecurity monitoring platforms
  • Assess, prioritize and manage technical vulnerabilities and support remediation activities
  • Measure and evaluate incident detection and response effectiveness and recommend process improvements
  • Evaluate the effectiveness and resilience of cybersecurity controls and security measures following security incidents and data breaches
  • Develop and improve incident handling testing methodologies, exercises and validation techniques
  • Establish procedures for incident analysis, lessons learned activities and incident reporting
  • Document incident investigations, findings, response activities, corrective actions and recommendations
  • Manage, review and analyze log files, security events and forensic evidence to support investigations
  • Operate and utilize Incident Response (IR) tools including Extended Detection and Response (XDR), Security Information and Event Management (SIEM) and Network Detection and Response (NDR) platforms
  • Support and collaborate with Security Operations Centres (SOC) and Computer Security Incident Response Teams (CSIRT)
  • Work closely with technical, operational, legal, compliance and business stakeholders during cybersecurity incidents
  • Prepare and deliver incident response reports, executive summaries and post-incident assessments
  • Review existing security controls and provide recommendations to improve detection, response and prevention capabilities
  • Develop and maintain security procedures and policies with emphasis on information protection and data privacy requirements
  • Support security monitoring, threat analysis and incident management activities across operating systems, servers, cloud services and enterprise infrastructure
  • Contribute to regulatory and compliance-driven incident reporting activities in accordance with applicable legal and regulatory frameworks
  • Perform additional tasks as assigned by the supervisor

Qualifications

 

  • Minimum 8 years of experience in cybersecurity incident response, incident handling, security operations or cyber defence roles
  • Strong knowledge of incident handling standards, methodologies and frameworks
  • Strong understanding of incident response best practices and operational procedures
  • Hands-on experience with incident handling and cybersecurity investigation tools
  • Knowledge of incident management, escalation and communication procedures
  • Strong knowledge of operating system security concepts and security hardening practices
  • Strong understanding of computer and network security principles
  • Good knowledge of cyber threats, threat actors, attack techniques and adversary tactics
  • Knowledge of cybersecurity attack procedures and intrusion methodologies
  • Strong understanding of system vulnerabilities, exploitation techniques and remediation approaches
  • Knowledge of cybersecurity-related laws, regulations and compliance requirements
  • Experience working within Security Operations Centres (SOC) environments
  • Experience collaborating with Computer Security Incident Response Teams (CSIRT)
  • Ability to perform all technical, operational and functional aspects of cybersecurity incident handling and response
  • Experience collecting, correlating and analyzing threat intelligence and security event data from multiple sources
  • Experience working with operating systems, servers, cloud platforms and enterprise infrastructure environments
  • Ability to perform effectively in high-pressure and time-sensitive situations
  • Excellent communication, presentation and reporting skills
  • Strong experience analyzing security logs, audit trails and security events
  • Excellent analytical, investigative and problem-solving skills
  • Strong attention to detail and ability to rapidly assess security situations

Additional Information

  • Security clearance required (EU Restricted) from 1st day of collaboration