Cyber Incident Handler
22 hours ago
3Columns is a specialist cybersecurity firm that delivers a wide range of services, including security assurance, security governance, professional services, and managed services. Solutions include managed security services, offensive security services, cybersecurity consulting, and professional services to help customers deploy all the necessary controls. The core services delivered by the SOC are Managed Detection and Response and Incident Response.

About the Role:
3Columns is seeking a Cyber Incident Handler to join their team remotely. They will be responsible for working with the MDR team and leading escalated incidents, updating customers and stakeholders, and assisting the MDR team with investigations. Incident responders will work with the SOC team, develop playbooks, and update existing ones as required. The successful applicant will become integral to each client's cybersecurity strategy, developing strong relationships and becoming a trusted partner within each organisation.

Please Note:
To save you time with rejections and save our time, if you do not have experience in incident response, stakeholder communication, investigation or log analysis, you will be rejected. Candidates who apply without any SOC experience just for the sake of applying will be blacklisted for the next 10 years.

Cyber Incident Handler
- Work with MDR analysts on escalated incidents. Understand the incident, generate possible scenarios, work with Digital Forensics and Level 1 and Level 2 analysts, and assist them with the investigation.
- Perform triage and validation of suspicious activity, determining urgency and potential impact.
- Execute containment, eradication, and recovery actions during active cybersecurity incidents.
- Assist with digital forensic analysis on endpoints, cloud services, and network artifacts to determine root cause and scope.
- Lead incident investigations and collaborate with internal stakeholders to minimise business disruption.
- Provide technical guidance to junior analysts during escalations and complex cases.
- Develop incident timelines, collect evidence, and ensure proper chain of custody for investigations.
- Document incidents and lessons learned, and produce high-quality incident reports for leadership.
- Maintain and tune detection content, response playbooks, and automation workflows (SOAR/XDR/SIEM).
- Participate in proactive threat hunting activities based on emerging threat intelligence.
- Support ongoing improvement of SOC maturity, readiness exercises, and incident response processes.

Qualifications
- Bachelor’s degree in Cybersecurity / Information Technology / Computer Science (or equivalent experience).
- Industry certifications such as GIAC (GCIA / GCIH / GCFA), CEH, Security+, CySA+, or Azure/AWS security credentials.
- Strong understanding of cybersecurity frameworks (MITRE ATT&CK, NIST CSF, ISO 27035).
- Proficiency with SIEM, EDR/XDR, and SOAR platforms (e.g., SentinelOne, CrowdStrike, Microsoft Defender, Splunk, Rapid7).
- Knowledge of TCP/IP networking, common protocols, and security tools (firewalls, IDS/IPS, proxies).
- Solid grasp of Windows, Linux, Active Directory, identity security, and cloud security fundamentals.
- Ability to interpret malware behaviour, logs, network traffic, and forensic artifacts.
- Strong written communication skills for executive and technical reporting.

Relevant Experience
- 2–5 years working in a SOC or Cyber Incident Response function.
- Hands-on experience with threat detection, containment, and remediation activities.
- Involvement in major or moderate security incidents, including ransomware, BEC, insider threats, or phishing.
- Experience conducting forensic analysis on hosts (memory, disk) and cloud environments (M365, Azure, AWS).
- Development or optimisation of incident response playbooks and automation.
- Collaboration with IT teams to implement security controls and corrective actions.
- Exposure to red team scenarios, threat hunting operations, or purple team exercises.
- Real-world experience leveraging threat intelligence to improve detection capability.
-
Cyber Incident Handler
24 hours ago
Pune, India | 3Columns | Full time
3Columns is a specialist cybersecurity firm that delivers a wide range of services, including security assurance, security governance, professional services, and managed services. Solutions include managed security services, offensive security services, cybersecurity consulting, and professional services to help customers deploy all the necessary controls....
-
Cyber Incident Handler
1 day ago
Pune, India | 3Columns | Full time
3Columns is a specialist cybersecurity firm that delivers a wide range of services, including security assurance, security governance, professional services, and managed services. Solutions include managed security services, offensive security services, cybersecurity consulting, and professional services to help customers deploy all the necessary controls....
-
Cyber Incident Handler
16 hours ago
Pune, India | 3Columns | Full time
3Columns is a specialist cybersecurity firm that delivers a wide range of services, including security assurance, security governance, professional services, and managed services. Solutions include managed security services, offensive security services, cybersecurity consulting, and professional services to help customers deploy all the necessary controls....
-
Cyber Incident Handler
2 days ago
Pune, Maharashtra, India | 3Columns | Full time | ₹ 12,00,000 - ₹ 36,00,000 per year
3Columns is a specialist cybersecurity firm that delivers a wide range of services, including security assurance, security governance, professional services, and managed services. Solutions include managed security services, offensive security services, cybersecurity consulting, and professional services to help customers deploy all the necessary controls....
-
Cyber Incident Handler
21 hours ago
Pune, India | 3Columns | Full time
3Columns is a specialist cybersecurity firm that delivers a wide range of services, including security assurance, security governance, professional services, and managed services. Solutions include managed security services, offensive security services, cybersecurity consulting, and professional services to help customers deploy all the necessary controls....
-
Incident Handler
6 days ago
Pune, India | Barclays | Full time
Job Title: Incident Handler. Location: Pune. About Barclays: Barclays is a British universal bank. We are diversified by business, by different types of customers and clients, and by geography. Our businesses include consumer banking and payments operations around the world, as well as a top-tier, full service, global corporate and investment bank, all of...
-
Incident Handler
1 week ago
Pune, Maharashtra, India | TransUnion | Full time
TransUnion's Job Applicant Privacy Notice. What We'll Bring: This role is a member of the larger Threat Detection Services team, which includes security analysts and incident handlers who work alongside teams responsible for red teaming, intelligence analysis, and technical threat researchers. The individual filling this role will join our Special...
-
Cyber Security Trainer
2 weeks ago
Pune, Maharashtra, India | Matfly Education Pvt. Ltd. | Full time | ₹ 4,20,000 - ₹ 6,00,000 per year
Key Responsibilities: Deliver training sessions on key topics in Cyber Security, including: Network Security and Firewalls; Ethical Hacking & Penetration Testing; Incident Response & Forensics; Security Information and Event Management (SIEM); Cryptography and Encryption; Malware Analysis and Reverse Engineering; Cloud Security and DevSecOps; Security Compliance (GDPR,...
-
Incident response with Scripting Professional
7 hours ago
Pune, Maharashtra, India | Contactx Resource Management Pvt. Ltd. | Full time | ₹ 15,00,000 - ₹ 25,00,000 per year
8+ years of experience in incident response and/or computer forensics. Extensive experience within an enterprise-scale organisation, including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector. Industry-recognised cyber security related certifications including: CEH, EnCE, CRISC, SANS GSEC, GCIH,...
-
Incident Response L3
2 weeks ago
Pune, India | Whatjobs IN C2 | Full time
Job description: We are seeking a Cyber Security Specialist to join the Security Operations team. The specialist will serve on the front lines of the Security team and will lead and support security investigations across the company's global infrastructure as well as respond to escalations from different entities. The specialist will leverage an armory of tools to...