Senior Cyber Incident Response Analyst

Amach Meyersdale, Pennsylvania, US

About the Role

About us

Amach is an industry‑leading technology‑driven company with headquarters located in Dublin and remote teams in the UK and Europe. Our blended teams of local and nearshore talent are optimised to deliver high quality and collaborative solutions. Established in 2013, we specialise in cloud migration and development, digital transformation including agile software development, DevOps, automation, data and machine learning…

The Senior Cyber Incident Response Analyst is a senior technical specialist within the Cyber Defence function, responsible for leading hands‑on incident response activities and managing the SOC. You will drive effective services including 24x7 monitoring, rapid incident response, and ongoing improvement of detection and response processes through automation, testing and strong operational governance.

Reporting into the Head of Cyber Defence, this role will work cross‑functionally with teams across Cyber Defence, Cyber Engineering and IT, supporting ongoing maturity of cyber monitoring coverage and incident management playbooks for timely detection and response processes.

Essential Qualifications / Experience

10+ years cybersecurity and/or IT experience, with at least 6 years in SOC or Incident Response roles
Proven experience in direct involvement in cyber incidents, fulfilling investigation, digital forensics, event triaging and response responsibilities
Experience working with outsourced SOC security services
Relevant Cyber qualifications e.g. CISM, GIAC, OSCP, CEH, or similar

Essential Competencies / Skills

Strong crisis management, communication and cross‑functional collaboration skills.
Proactive and independent thinker, willing to challenge ways of working
Hands‑on proficiency with Cyber Defence technologies (e.g., SIEM, Threat Intelligence, SOAR, EDR platforms such as CrowdStrike, ZeroFox, Splunk or equivalent).
Demonstrated ability to develop and mature incident management capabilities, improving operational processes and playbooks, and development of detection use cases.
Ability to translate threat intelligence, control testing and incident learnings into measurable improvements in detections, controls and response automation.

Key responsibilities & duties include:

Support the execution of the Cyber Incident Management strategy defined by the Head of Cyber Defence
Act as the technical escalation for the customer's SOC
Senior member of the Incident Response team during cyber events, co‑ordinating with the outsourced SOC and internal Cyber and IT teams on response, forensics and investigation activities and remediations.
Participate in analysis exercises with the SOC, identifying recurring root causes to incidents and champion remediations and improvements
Partner with Vulnerability Management and Offensive Security teams, to continually optimise monitoring and cyber use case colorations.
Lead improvements to monitor, detect and respond to threats in real time, leveraging SIEM, EDR, SOAR and automation to deliver at scale.
Ensure Cyber Defence evidence, reporting and assurance are fit for purpose (incident records integrity, audit trails, lessons learned and continuous improvement actions).
Part of on‑call rota, as point of escalation in the event of a major cyber event
Partner with the outsourced SOC and Threat Management services, with daily, weekly and monthly operational cadences, to ensure full visibility of the current incident landscape, and holding them accountable for service KPIs and SLAs
Lead the development and maintenance of incident response playbooks
Support the Head of Cyber Defence to deliver regular incident testing to enhance readiness with technology and operational teams

Desirable skills

Familiarity with MITRE ATT&CK framework and modern attacker techniques.
Experience managing IR KPIs such as MTTD/MTTR, detection coverage and first‑time remediation
Scripting and developing skills for integrating cyber tools, and automating playbook responses.
Familiarity with regulatory and incident reporting obligations and evidence requirements (e.g., NIS2, GDPR, aviation regulations such as IAA/EASA Part‑IS).

What's in it for you:

An opportunity to join a fast‑growing company
Options for career advancement
Learning and development opportunities
Flexible working environment
Competitive salaries based on experience

Equal Opportunity Employer

Amach is an equal opportunity employer and makes employment decisions on the basis of merit. We celebrate diversity and are committed to creating an inclusive environment for all employees. This job description is intended to convey essential responsibilities and qualifications for this role, but it is not an exhaustive list of tasks that an employee may be required to perform.

If you are passionate about driving customer success, advising on strategic solutions, and contributing to product innovation, we would love to hear from you!

Not for you? Check out all of our open positions in our careers page and follow us on LinkedIn for future opportunities.

P.S. Share this with friends and co‑workers! Don't be afraid they'll steal it from you, if you're amazing and smart we'll find a role for you. We are growing fast and we are always looking for talented people.

At Amach, we strive to be an inclusive community of open‑minded individuals with different backgrounds and we are committed to fostering, cultivating and preserving a culture of diversity, equity and inclusion. We strongly believe that a diversity of experience and background is essential to create a fulfilling environment and better solutions for our people and our customers. All Amach employees and contractors are expected to honour this policy and act to ensure that every individual is respected in the workplace.

Your personal data

Amach will process your personal information in accordance with the EU's General Data Protection Regulation (GDPR). We will comply with data protection law and principles, which means that your data will be:

Used lawfully, fairly and in a transparent way
Collected only for valid purposes and not used in any way that is incompatible with those purposes
Relevant to the purposes we have told you about and limited only to those purposes
Accurate and kept up to date
Kept only as long as necessary for the purposes we have told you about
Kept securely

If you would like to contact us about your data, please use the following address:

Required Skills

incident response, SOC, cyber defence, digital forensics, troubleshooting

Keywords

cybersecurity, incident response, SOC, cyber defence, forensics