Cyber Incident Response Analyst

About the role

The Cyber Incident Response Analyst is a core member of the Cyber Defence team, responsible for hands‑on incident management and close collaboration with the Security Operations Centre (SOC). Working in a hybrid delivery model, the analyst supports 24x7 monitoring, rapid response, and continuous improvement of detection and response processes.

Key responsibilities

• Perform incident triage, investigations and forensic analysis alongside the SOC.
• Act as escalation point for the Aer Lingus SOC, coordinating with outsourced vendors and internal IT teams.
• Maintain and enhance incident response playbooks, monitoring coverage and service quality.
• Validate internal and external security weaknesses using manual techniques and tooling.
• Participate in on‑call rotations and major cyber‑event escalations.
• Collaborate with Cyber Defence, Engineering and IT to integrate processes and improve service responsiveness.
• Support the development of cyber‑testing playbooks, tabletop exercises and simulation tests.
• Stay up‑to‑date with emerging threats, vulnerabilities and offensive techniques relevant to the organisation’s technology stack.

Required profile

• 8+ years of cybersecurity or IT experience, including at least 4 years in SOC, Incident Response or related functions.
• Proven ability to work cross‑functionally and drive continuous improvement.
• Strong analytical and forensic investigation skills.

Required skills

• SIEM platforms
• Endpoint Detection and Response (EDR)
• Security Orchestration, Automation and Response (SOAR)
• Automation scripting
• Incident response and forensics
• Threat hunting and simulation