Cyber Security Analyst (Incident Response)

Cyber Security Analyst (Incident Response)Department: Security OperationsEmployment Type: Full TimeLocation: RemoteReporting To: Nate VidalDescriptionPosition OverviewWe are seeking a Senior Security Incident Response Analyst to join our growing Cybersecurity team. The ideal candidate will have extensive hands-on experience in detecting, responding to, and remediating sophisticated cyber threats using industry-leading tools, particularly EDR platforms. This role requires a deep technical background in both offensive and defensive security, forensic analysis, and threat hunting. The successful candidate will serve as a senior technical escalation point for complex incidents and help drive continuous improvement of our incident response capabilities. **Must be located in Costa Rica** **Must have hands on experience with Microsoft Defender**Key ResponsibilitiesLead and conduct advanced investigations into security incidents using EDR, Network traffic analysis, and Forensic tools. Perform root cause analysis and develop mitigation strategies for complex cyber threats, including APTs, malware outbreaks, insider threats, ransomware, encryption, data exfil activities and others. Act as a technical escalation point during major security incidents, providing in-depth knowledge of tools, techniques, and procedures (TTPs) used by threat actors. Conduct deep dive investigations and threat hunting activities to detect and respond to anomalies and early indicators of compromise (IOCs), using EDRs products. (Mostly MS Defender). Perform memory, disk, and log forensics using tools such as Volatility, Autopsy, and Windows/Linux forensic utilities. Develop and refine incident response runbooks, playbooks, and standard operating procedures (SOPs). Contribute with IR Partners by leveraging offensive and threat hunting security knowledge. Assist with post-incident reviews and lessons learned to improve detection and response strategies. Mentor junior IR analysts. Stay current with the threat landscape, emerging attack techniques, and relevant security technologies. Skills Knowledge and Expertise Experience: Minimum 5+ years in a dedicated Incident Response or Security Operations role, with hands-on investigative experience using advanced EDR solutions, Microsoft Defender (Must have Defender experience) Technical Security Skills: Defensive: Malware analysis, memory forensics, log analysis, endpoint and network triage. Offensive: Understanding of exploitation techniques, red teaming, vulnerability assessment, and attack simulations. Certifications: One or more of the following is required or highly preferred: GIAC GCFA / GCIA / GCIH / GNFA OSCP / OSCE / GPEN Microsoft SC-200 / MS Defender-specific certifications OWASP or web application security certifications Networking and Systems Expertise: Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, SMTP, etc.) Proficiency in analyzing packet captures and netflow data (e.g., Wireshark, Zeek) Deep understanding of Windows, Linux, and cloud environments (AWS, Azure) Knowledge of IR Frameworks: NIST 800-61, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain. Scripting and Automation: Python, PowerShell, Bash, or equivalent scripting languages for automating investigation and response tasks. Why DeepSeas?At Deep Seas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren't Deep Seas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are:We are client obsessed. We stand in solidarity with our teammates.We prioritize personal health and well-being.We believe in the power of diversity.We solve hard problems at the speed of cyber.This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let's talk!Information security is everyone's responsibility:Understanding and following DeepSeas's information security policies and procedures.Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas's information security.Actively participating in DeepSeas's efforts to maintain and improve information security.DeepSeas considers this position is as Moderate Risk with a potential to view/access/download restricted/private client/internal data. This information must be treated with Sensitivity and in the most secure manner. HR reserves the right to perform random background/drug Screens to ensure the safety of client/DeepSeas data