Job Description

The Security Incident Response Analyst is responsible for coordinating and governing the enterprise security incident lifecycle, ensuring consistent, efficient, and compliant response aligned with the SANS Incident Response framework and Aramark’s enterprise processes. 

This role focuses on incident ownership, communication, and partnership across cybersecurity, IT, and enterprise incident management teams—ensuring events are resolved swiftly, lessons are captured, and security posture continuously improves. 

Job Responsibilities

Security Incident Management 

Coordinate and track security incidents from detection through containment, eradication, and recovery. 

Serve as incident commander for medium-severity events and deputy commander for high-severity incidents. 

Partner with Enterprise Incident Management and IT teams to ensure alignment between cyber and business response processes. 

Manage post-incident reviews, lessons learned, and follow-up remediation actions. 

Maintain and evolve incident response playbooks, workflows, and severity classifications aligned to SANS and ISO 27035 frameworks. 

Prepare and deliver executive-level communications and situation reports summarizing incident impact, containment actions, and next steps. 

Report on key metrics including MTTA, MTTR, volume, severity, and root cause trends. 

SOC Oversight 

Act as day-to-day liaison to the Managed SOC provider, ensuring high-quality, timely escalations. 

Review detection content efficacy, false-positive rates, and coverage gaps. 

Monitor SOC SLAs and ensure continuous improvement in alert handling and escalation quality. 

Coordinate onboarding of new log sources, tools, and data streams for detection coverage. 

Maintain SOC runbooks and escalation criteria to ensure consistent operations. 

Qualifications

Qualifications 

Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience). 

3–5 years in security operations, incident response, or IT incident/problem management. 

Experience with SANS/NIST/ISO 27035 incident management frameworks. 

Familiarity with enterprise security tools such as SIEM, EDR, SOAR, and ITSM platforms (e.g., ServiceNow, Jira). 

Strong written and verbal communication skills, including experience preparing executive communications or incident summaries. 

Calm under pressure, organized, and detail-oriented with strong cross-functional collaboration skills. 

Key Competencies 

Incident Leadership: Calm and confident during high-pressure events. 

Analytical Thinking: Able to connect technical findings to business impact. 

Collaboration: Strong partner to enterprise incident management, IT, and operations. 

Process Improvement: Driven to improve detection, escalation, and response workflows. 

Executive Communication: Able to translate technical details into clear, concise updates for leadership. 

Education

Job Tags

Similar Jobs