Sr. Associate Manager - Threat Intelligence & DFIR specialist

We are One Sutherland — a global team where everyone is working together to create great breakthrough solutions. Our workforce has thrived in an environment of diversity of thought, experience and background. We celebrate our diversity and embrace it whole-heartedly. Sutherland is an equal opportunity employer. We promote a positive work environment by conducting ourselves professionally and helping each other achieve our goal of One Sutherland Team, Playing to Win.

Sutherland was founded 35 years ago (1986). Since then, we have become a leading global provider of business process and technology management services offering an integrated portfolio of analytics-driven back office and customer-facing solutions that support the entire customer life cycle.

We are seeking an experienced Cybersecurity Incident Response Analyst with 5+ years of hands-on expertise in managing complex security incidents. In this role, you will be responsible for detecting, analyzing, and responding to threats across various domains, including identity, web, network, and cloud environments. The ideal candidate will demonstrate a strong threat-hunting mindset, excellent analytical skills, and the ability to thrive under pressure while collaborating effectively with cross-functional teams.

Key Responsibilities

Incident Management:

• Lead the end-to-end incident response lifecycle, including detection, analysis, containment, eradication, and recovery.

Threat Investigation:

• Analyze and investigate a variety of attack vectors, such as:
• Identity attacks include credential abuse, privilege escalation, and MFA bypass.
• Web Attacks: SQL injection, cross-site scripting (XSS), remote code execution.
• Network Attacks: DDoS, lateral movement, traffic manipulation.
• Cloud Threats: IAM misconfigurations, exposed services, container security vulnerabilities.

Collaboration & Coordination:

• Work closely with SOC analysts, threat intelligence teams, forensics, and engineering groups during and after security incidents.

Root Cause Analysis:

• Conduct comprehensive investigations to determine the root cause of incidents and provide actionable remediation recommendations.

Process Improvement & Documentation:

• Document all incident response procedures and lessons learned. Contribute to the continuous improvement of our detection and response capabilities.

Proactive Security Measures:

• Participate in threat hunting and purple team exercises to enhance overall security preparedness.

Required Skills & Qualifications

• A minimum of 5 years of hands-on experience in cybersecurity incident response or security operations.
• Proven expertise in investigating and mitigating incidents across one or more areas: identity, web, network, or cloud.
• Proficiency with SIEM, EDR, and SOAR tools (e.g., Splunk, Sentinel, CrowdStrike).
• Experience in hybrid or cloud-first environments (AWS, Azure, or GCP).
• Strong understanding of frameworks and methodologies such as MITRE ATT&CK, the cyber kill chain, and threat modeling.
• Excellent written and verbal communication skills, with the ability to document and convey technical details clearly to both technical and non-technical stakeholders.

Preferred Qualifications

• Industry certifications include GCIH, GCFA, GNFA, GCIA, or relevant cloud security certifications (AWS, Azure, or GCP).
• Experience with scripting or automation (e.g., Python, PowerShell, Bash).
• Exposure to advanced threat hunting and threat intelligence practices.

All your information will be kept confidential according to EEO guidelines.