About this Embedded Cyber Detection and Response Analyst role at Control Risks
The Cyber Detection and Response Analyst supports day-to-day detection, investigation, and response activities as part of a Cyber Detection and Response Team (DART). This is a hands-on technical role focused on identifying, analysing, and responding to cyber threats across the client’s environment, working closely with Security Engineering and broader security stakeholders.
This role will be a part of a 24/7 team and cover one of two shifts: Sunday-Thursday 9:00 am-5:00 pm GMT or Tuesday-Saturday 9:00 am-5:00 pm GMT
Requirements
Responsibilities
- Monitor, triage, and investigate security alerts and events across endpoint, network, cloud, and identity systems.
- Support incident response activities including analysis, containment, remediation, and documentation.
- Execute established incident response playbooks and contribute to their continuous improvement.
- Perform threat hunting activities to identify potential compromises and gaps in detection coverage.
- Leverage threat intelligence to inform investigations and detection tuning.
- Collaborate with Security Engineering to tune detection logic and improve security controls.
- Produce clear, concise incident reports and support root cause analysis and remediation efforts.
- Support on-call rotations and escalation processes as part of a 24/7 detection and response capability.
Qualifications
- 3–5 years of experience in cybersecurity, with a focus on incident response, SOC operations, or cyber defense.
- Hands-on experience with SIEM, EDR/XDR, and log analysis tools (e.g., Splunk, Sentinel, CrowdStrike).
- Practical understanding of incident response methodologies and frameworks such as MITRE ATT&CK and NIST.
- Familiarity with threat hunting, malware analysis, or forensic investigation techniques.
- Exposure to cloud environments (AWS, Azure, or GCP) and modern enterprise architectures is preferred.
- Strong analytical and problem-solving skills, with the ability to communicate technical findings clearly.
- Relevant certifications (e.g., Security+, GCIH, GCIA, or equivalent) are a plus.