Incident Response Analyst

When you join Trend, you become part of a unique and diverse global family and you get to work towards a world safe for exchanging digital information.
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. For additional information, visit

Position Overview
The
Incident Response Analyst
serves as the primary technical responder to active security incidents, interfacing with the Security Operations Center (SOC) and IT infrastructure teams, ensuring the effective containment, eradication, and recovery from cyber threats through rapid forensic analysis and technical mitigation.

Primary Responsibilities

• Oversee all incident response activities reported from detection to incident resolution.
• Serve as a contact point for suspicious and malicious events escalated by technical support cases, and from the Trend Micro threat hunting efforts and Incident Response Operations.
• Collect and preserve digital evidence for analysis using traditional DFIR and XDR methods.
• Analyze different digital forensic artifacts, network traffic, security events to perform root cause analysis and summarize all investigations and conclusions in an incident report.
• Differentiate between potential intrusion attempts and false alarms, evaluating unknown or suspicious activity and consulting on measures to mitigate their impact on availability and productivity.
• Review and analyze technical components of malware and other related threat activities in security-related events and different data sources to develop and refine detection criteria and generate threat intelligence.
• Compose security alert notifications and other communications.
• Stay up to date with current vulnerabilities, attacks, and countermeasures.
• Explain different threats to both technical and non-technical parties who do not necessarily have relevant backgrounds and provide consultancy on how to improve security posture to prevent relative threats.
• Threat Hunting in Telemetry for hidden, dormant threats, or potentially escalating threats
• Contribution in Detection Engineering in TM products based on Incident Reports or OSINT
• Occasional evening and weekend shifts may be required.

Required Experience

• A degree in a related field such as Digital Forensics, security, computer engineering, computer science, Telecommunication/Electronics engineering, Information Technology or equivalent professional certifications preferably GIAC/SANS (GEIR, GX-FA, and/or GCFA are a clear advantage)
• Eligible to work in Egypt and is ready to be resident in Cairo (or around it). Role is hybrid; employees may be asked to constantly work from the office a few days per week.
• 3+ year experience in a full-time security position involving threat hunting, detection, Digital Forensic investigation and response.
• Sufficient knowledge of different security controls
• Sufficient Knowledge of common enterprise's IT infrastructure (Network and several types of OS)
• Sufficient knowledge on adversary Tactics, Techniques, and procedures and ability to map them to threat modeling frameworks
• Experience with log analysis, event correlation and incident management procedures and systems, and knowledge of host and network log sources.
• Experience with host-based digital forensics and threat hunting.
• Aptitude for learning, self-directed, and working in critical incidents.
• Must have a powerful sense of duty, diligent in investigation.
• Ease of communication to internal and external stakeholders in English and Arabic. Communication may include reports, presentations, verbal instant updates, or other forms of communication

Preferred Experience

• Total 5+ years of experience in a Cybersecurity/IT/technology relevant role in a structured environment
• Experience in a comparable vendor or a security service provider
• Experience in different types of cybersecurity related assessments
• Malware analysis and threat detection engineering
• Scripting capability
• Demonstrated knowledge of Offensive security
• Experience of Security architecture/controls
• Familiarity with Trend Micro products and technology
• A third language proficiency
• Customer/Executive interfacing experience

Trend Micro strive to build an environment of equity and inclusion, which reflects diverse points of view. We welcome, value, promote, and celebrate diversity - the very experiences and attributes that make us who we are, including but not limited to race, ethnicity, nationality, gender, gender identification, sexual orientation, level of ability, age, religion, veteran status, socio-economic status, and political philosophy.

We embrace change, empower people, and encourage innovation. Join Trend Micro and Thrive with us.