flint
Ouro Careers Page

Senior Security Incident Response Analyst

120k – 180k/yr · Noida, IN · on-site · full time · senior · Apr 9, 2026

About this role

About the Company

Netspend Corporation is a global, vertically-integrated financial services and technology company dedicated to the delivery of innovative financial empowerment solutions to consumers worldwide. Netspend's financial products and services span prepaid, debit, cross-border payments, and loyalty solutions for consumers and enterprise partners. Netspend provides prepaid and debit account solutions that connect customers with secure, convenient access to global payment networks so they can manage their money and make everyday purchases. With a nationwide U.S. retail network, customers can purchase and reload Netspend products at 130,000 reload points and over 100,000 distributing locations. Since our founding in 1999 by industry pioneers, Netspend products have processed billions of dollars in transaction volume and served millions of customers worldwide. The company is headquartered in Austin, Texas with employees worldwide.

Job Description

We are seeking a highly skilled Senior Security Incident Response Analyst to join our global Cyber Defense organization. This individual contributor role is responsible for triaging and investigating security alerts, developing and maintaining response playbooks, and ensuring the effectiveness of security logging and detection capabilities. The ideal candidate brings deep technical expertise, strong analytical skills, and a passion for improving detection and response processes at scale. This role will collaborate closely with Security Operations, Threat Detection Engineering, Platform/Infrastructure teams, and cross-functional partners across global time zones. The position is based in India and may support a follow-the-sun incident response model.
Key Responsibilities

Incident Monitoring & Investigation
● Continuously monitor and triage security alerts from SIEM, EDR, cloud platforms, and other detection systems.
● Conduct end-to-end investigations for potential security incidents, including scoping, containment recommendations, and root-cause identification.
● Escalate and coordinate with global IR teams for high-severity incidents.
● Perform forensic analysis on endpoints, logs, and cloud workloads as required.

Response Playbooks & Process Improvement
● Design, build, and maintain incident response playbooks covering common threat scenarios (malware, phishing, identity compromise, insider threat, cloud misconfigurations, etc.).
● Identify opportunities for automation and orchestration in investigation workflows.
● Collaborate with Threat Detection Engineering to refine detection logic, thresholds, and alerting criteria.
● Document incident findings, lessons learned, and process improvements.

Logging & Detection Efficacy
● Evaluate the completeness and quality of security logs across infrastructure, applications, and cloud environments (AWS/Azure/GCP).
● Recommend improvements in logging coverage, enrichment, and parsing to strengthen detection capabilities.
● Partner with Security Engineering to validate telemetry ingestion and visibility in SIEM and EDR platforms.
● Conduct periodic logging health assessments and tune noisy or low-value alerts.

Stakeholder Collaboration
● Work with IT, Cloud, Engineering, and Compliance teams to ensure incident response readiness.
● Provide guidance to junior analysts and regional partners when required.
● Support tabletop exercises and readiness assessments.
Requirements
● 5–8+ years of hands-on experience in Security Operations, Incident Response, Threat Hunting, or Detection Engineering.
● Strong knowledge of SIEM platforms (e.g., Splunk, ELK, Sentinel), EDR tools (CrowdStrike, SentinelOne, etc.), and cloud security (AWS/GCP/Azure).
● Proven ability to investigate complex security events using logs, network traffic, and endpoint data.
● Experience building IR playbooks and standard operating procedures.
● Familiarity with MITRE ATT&CK, NIST Incident Response Framework, and modern adversary TTPs.
● Solid understanding of logging architectures, event taxonomies, and detection pipelines.
● Excellent communication skills and ability to work independently in a global, distributed environment.

Preferred Qualifications
● Relevant certifications (GCIA, GCIH, GCFA, GNFA, Azure/AWS Security, etc.).
● Experience with SOAR automation workflows.
● Exposure to DevOps, Kubernetes, container security, or CI/CD pipeline monitoring.
● Prior experience working in a global 24/7 operational security model.