Mattel Themuse · Posted yesterday

Sr IT Security Analyst-SOC Analyst – Incident Response

India · Senior level

Computer and IT

Job Description

The Senior SOC Analyst – Incident Response (IR) is responsible for leading and coordinating cybersecurity incident response activities across Mattel’s global enterprise. Acting as a tactical leader within the Security Operations Center (SOC), this role serves as a primary escalation point for major incidents and complex investigations. The analyst combines hands-on technical expertise with strategic decision-making to ensure timely containment, eradication, and recovery from security threats. This position demands deep investigative and forensic skills, strong leadership during crisis situations, and the ability to continuously enhance SOC playbooks, detection strategies, and response capabilities.

Roles and Responsibilities

  • Lead and coordinate the response to cybersecurity incidents across Mattel’s global environments, ensuring rapid containment and effective remediation.

  • Serve as the incident commander during high-severity incidents (P1/P2), providing direction, technical guidance, and decision-making support.

  • Act as a key escalation point for SOC analysts during complex investigations, ensuring consistent and high-quality response processes.

  • Perform forensic evidence collection, analysis, and preservation to support internal investigations and potential legal proceedings.

  • Conduct deep-dive investigations on alerts and incidents generated by SIEM, EDR, NDR, and cloud security platforms.

  • Correlate logs and telemetry data from multiple systems to identify root causes, attacker behavior, and lateral movement patterns.

  • Leverage scripting (Python, PowerShell, Bash) to automate evidence collection, enrichment, and triage workflows.

  • Develop, maintain, and improve SOC playbooks, incident response runbooks, and escalation procedures to standardize and strengthen SOC operations.

  • Deliver timely and clear communications to SOC leadership, IT, and business stakeholders during active incidents and major investigations.

  • Perform retrospective analysis and threat validation to identify undetected compromises or related incidents.

  • Collaborate with Threat Hunting, Threat Intelligence, and Red Team functions to validate detection effectiveness and improve readiness.

  • Conduct post-incident reviews, root-cause analyses, and lessons-learned sessions to drive continuous improvement.

  • Support automation, orchestration, and tuning initiatives to enhance response efficiency and reduce false positives.

  • Contribute to the ongoing enhancement of SOC maturity, including metrics tracking, tooling optimization, and procedural development.

  • Stay current on emerging threats, vulnerabilities, and incident response best practices to improve detection and defense capabilities.

Skills and Qualifications

Required:

  • 6+ years of experience in Security Operations or Incident Response, including leadership in major incident handling.

  • Hands-on experience managing end-to-end incident response processes (detection, containment, eradication, recovery, and reporting).

  • Strong technical expertise with SIEM tools (Splunk, Sentinel, QRadar, Chronicle) and EDR/NDR solutions (CrowdStrike, SentinelOne, Carbon Black, Cortex XDR).

  • Proficiency in forensic investigation tools such as FTK, EnCase, Autopsy, or Volatility for evidence collection and analysis.

  • Strong knowledge of the NIST SP 800-61 and SANS incident response frameworks, including best practices for digital forensics and response documentation.

  • Experience with network analysis tools (Wireshark, Zeek, tcpdump) for packet capture and traffic inspection.

  • Knowledge of malware behavior, reverse engineering fundamentals, and memory analysis techniques.

  • Proficiency in scripting or automation using Python, PowerShell, or Bash to enhance investigation workflows.

  • Comprehensive understanding of Windows, Linux, and macOS systems, their artifacts, and attack vectors.

  • Strong written and verbal communication skills, capable of providing executive-level briefings and technical documentation.

Preferred:

  • Bachelor’s degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).

  • Certifications such as GIAC GCIA, GCFA, GCIH, GNFA, GREM, CISSP, CISM, or OSCP.

  • Experience managing or contributing to SOC automation and SOAR integrations to improve incident response speed.

  • Familiarity with cloud environments (AWS, Azure, GCP) and containerized infrastructure security (Docker, Kubernetes).

  • Experience with compliance-driven incident response (e.g., GDPR, PCI DSS, HIPAA).

  • Proven mentorship and leadership capabilities within SOC teams, promoting collaboration and operational excellence.

Shift Timing:

This role follows a rotating shift schedule to ensure 24x7 coverage, with primary hours between 05:00–14:00 PST (18:30–03:30 IST). Weekend or on-call rotations may be required during high-severity incidents or major security events.
