Incident Response Analyst

The Incident Response Analyst is responsible for investigating, containing, eradicating, and supporting the recovery of cybersecurity incidents across customer and enterprise environments. The role plays a critical part in minimizing business impact from cyber threats by coordinating response activities, performing technical investigations, and supporting the continuous improvement of incident response capabilities.

The role collaborates closely with Security Operations, Threat Intelligence, Digital Forensics, and customer IT teams to identify attack vectors, contain threats, and strengthen organizational resilience against future incidents.

Responsibilities:

Incident Investigation & Response

• Respond to security incidents within defined SLAs and escalation procedures. 
• Perform detailed investigations to determine Nature of the attack, Scope of compromise, Impacted systems, Attack vectors and Potential business impact 
• Analyze indicators of compromise (IOCs) and attacker activity. 
• Identify containment, eradication, and recovery actions required to mitigate incidents. 
• Coordinate incident response activities with internal and customer stakeholders. 

Threat Analysis & Root Cause Investigation

• Conduct in-depth analysis of security incidents and suspicious activities. 
• Identify vulnerabilities, attack techniques, and security gaps contributing to incidents. 
• Perform root cause analysis to determine how incidents occurred and identify preventive controls. 
• Analyze attacker tactics, techniques, and procedures (TTPs) using industry frameworks such as MITRE ATT&CK. 

Incident Coordination & Escalation

• Manage incident response activities across multiple technical teams. 
• Escalate incidents requiring Digital Forensics support, Specialized technical expertise and Malware analysis 
• Coordinate communication between technical teams, management, and customer stakeholders. 
• Support crisis management activities during major incidents. 

Documentation & Reporting

• Prepare detailed incident reports documenting Findings, Impact assessments, Root cause analysis and Remediation recommendations 
• Maintain investigation records and evidence documentation. 
• Support development of executive-level incident summaries and post-incident reviews. 

Process Improvement & Readiness 

• Support the development and enhancement of Incident response playbooks, Response procedures and Investigation methodologies 
• Participate in tabletop exercises and incident simulations. 
• Identify opportunities to improve response effectiveness and operational readiness. 

Our Culture & Code of Conduct:

At ZainTECH, we take pride in a culture built on collaboration, innovation, and uncompromising integrity. We are looking for individuals who share these values and are committed to customer-centricity and ethical excellence. All employees are expected to uphold our Code of Conduct, which serves as a guiding framework for responsible behaviour across everything we do — from how we work with each other to how we engage with clients and partners globally.

Requirements

• Bachelor's degree or intermediate diploma (minimum) from a recognised institution. 
• Minimum 3 years experience in cybersecurity / information security, including 1 or more years in incident response. 
• At least one valid NCSC-approved IR certification like (ECIH, CCIM, Blue Team Level 2) or another equivalent certification in the same field that is approved by the NCSC.
• Practical skills in log analysis, endpoint and network investigation, malware triage, and use of IR tooling. 
• Exposure to SIEM/SOAR and EDR platforms is preferable. 
• Experience in an MSSP or SOC environment is preferable.