Sr. Incident Response Analyst

Sony Pictures Entertainment•Culver City, CA

About The Position

This role provides leadership and expertise in advanced cyber incident response, forensic investigations, and security operations automation. The position is responsible for investigating and coordinating responses to cybersecurity incidents, including malware infections, data exfiltration, denial-of-service attacks, insider threats, and other security breaches. The role works closely with the Security Operations Center (SOC) to triage, investigate, and respond to security alerts, leveraging automation and orchestration to improve response speed and consistency. This individual collaborates with cross-functional teams across IT, network engineering, vulnerability management, and threat intelligence to identify root causes, implement remediation actions, and strengthen the organization's overall security posture. Additionally, the role supports the development and continuous improvement of incident response processes, detection capabilities, and SOAR playbooks to enhance operational efficiency and reduce response times.

Nice To Haves

Experience with SIEM platforms (Splunk, Sentinel, QRadar, etc.)
Experience with SOAR platforms (XSOAR, Tines, Swimlane, etc.)
Endpoint detection and response (EDR/XDR) technologies
Digital forensics and incident response (DFIR) methodologies
MITRE ATT&CK framework familiarity
Threat hunting and detection engineering experience
Scripting or automation experience (Python, PowerShell, APIs)

Responsibilities

Develop, maintain, and improve enterprise incident response plans, procedures, and playbooks aligned with industry frameworks (NIST, MITRE ATT&CK, etc.).
Lead and coordinate investigation and response activities for cybersecurity incidents including malware, phishing, ransomware, insider threats, and data breaches.
Work closely with the SOC to triage and investigate alerts, determine incident severity, and drive appropriate response actions.
Design, develop, and maintain SOAR playbooks and automation workflows to streamline security operations and improve incident response efficiency.
Conduct in-depth forensic investigations across endpoints, networks, cloud environments, and logs to determine root cause, scope, and impact of incidents.
Partner with threat intelligence teams to incorporate indicators of compromise (IOCs), threat actor tactics, techniques, and procedures (TTPs), and emerging threats into detection and response workflows.
Collaborate with engineering, infrastructure, and application teams to implement remediation strategies and preventive controls to reduce future risk.
Support detection engineering efforts by identifying gaps in security monitoring and helping develop improved alerting and detection capabilities.
Assist with containment, eradication, and recovery activities following security incidents, ensuring systems and services are restored securely.
Lead post-incident reviews and root cause analysis to identify lessons learned and drive improvements to detection, response processes, and security architecture.
Produce clear incident reports and executive summaries for leadership and stakeholders, including recommended improvements.
Act as a primary point of coordination with internal stakeholders, third-party partners, legal teams, and external agencies when required.
Monitor emerging threats, vulnerabilities, and attacker techniques to proactively improve detection and response capabilities.
Partner with vulnerability management and security engineering teams to proactively address security gaps identified during investigations.
Continuously improve SOC and incident response operations through metrics, automation, and operational maturity initiatives.