PR, USA
21 days ago
Cyber Incident Response Analyst
Cyber Incident Response Analyst

Legal & Administrative Services

Puerto Rico 

General Responsibilities

Threat Hunting & Hypothesis Development
- Lead hypothesis-driven threat hunts based on adversary behaviors, threat intelligence, and gaps in detection coverage.
- Convert hunt findings into detection opportunities, documenting the process for feedback into detection engineering pipelines.

Detection Engineering & Rule Development
- Design, test, and tune detection logic across SIEM, EDR, AV, and telemetry tools.
- Work with threat intelligence teams to operationalize IOCs, behavioral indicators, and adversary TTPs into effective detections.
- Review and enhance detection thresholds based on false positives, real incidents, or changes in the threat landscape.

Security Automation & SOAR Playbook Development
- Build and maintain automation workflows using SOAR to enable rapid and consistent response actions.
- Develop scripts and modular logic for triage, enrichment, containment, and notification.
- Ensure automation efforts are scalable, well-documented, and auditable.

Cross-Unit Enablement & Tooling Support
- Provide automation and tooling support to Threat Intelligence, Incident Response, and SOC units.
- Build or enhance integration pipelines to enable shared data access, automated enrichment, and response coordination.
- Support internal tooling that accelerates investigations and incident handling.

Incident Response Collaboration
- Support incident handling by enabling automated triage, forensic data collection, and remediation through engineered workflows.
- Participate in root cause analysis, containment strategy discussions, and lessons learned reviews.

Purple Teaming & Detection Validation
- Participate in purple team engagements to validate detections and response workflows.
- Align detection coverage to adversary emulation scenarios and documented threat models.

Performs duties through methods and actions that are consistently ethical and in total compliance with the laws, applicable regulations, Code of Ethics, corporate policies and guidelines, and rules of conduct. Completes corporate trainings and certifications intended for the detection and prevention of money laundering related activities and fraud, insider trading, and conflict of interest policies and procedures, as applicable.

Education and Experience Required

Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Software Development, or a related discipline.
- Equivalent hands-on experience in detection engineering, security operations, or automation will be considered.

Knowledge and Skills Required

Threat Detection Expertise:
- Deep understanding of telemetry sources and how to craft detections using logs, network traffic, endpoint data, and cloud environments.

Automation & Scripting:
- Ability to write, debug, and optimize scripts for automation and integration (e.g., Python, PowerShell, APIs, JSON, YAML).

Security Tooling:
- Proficiency with SIEM, SOAR, EDR, AV, and cloud security platforms. Ability to integrate, customize, and troubleshoot tools within the security stack.

Adversary Tactics Knowledge:
- Solid grasp of threat actor behaviors, kill chain models, and frameworks like MITRE ATT&CK and D3FEND.

Incident Response Fundamentals:
- Knowledge of IR workflows, evidence handling, triage procedures, and the role of automation in incident containment and remediation.

Data Analysis & Correlation:
- Ability to work with large data sets, perform pivot-based investigations, and correlate disparate log sources to identify meaningful patterns.

Communication Skills:
- Ability to clearly document procedures, detection logic, and investigation findings for both technical and non-technical stakeholders.

Team Collaboration:
- Strong interpersonal skills and experience working across different cybersecurity functions (CTI, SOC, IR, Engineering).

Continuous Learning Mindset:
- Willingness to stay current with threat trends, emerging attack techniques, and new tooling in the cybersecurity ecosystem.

Additional Information

Monday to Friday, 8AM-6PM

Available to work extended hours, weekends, and/or holidays as needed, and available to travel as required to support projects in the region.

“Evertec Group, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, pregnancy, marriage, sexual orientation, gender identity, national origin, age, genetic information or condition, political affiliation, religious ideology, being a victim or perceived victim of domestic violence, sexual assault, or harassment, serving or having served in the Armed Forces of the United States, disability status, or any other protected category by Puerto Rico or US Federal law. EEO is the Law Poster. If you are an individual with a disability, a disabled veteran, or a wounded warrior and you are unable or limited in your ability to access or use this site as a result of your disability, please contact the People & Culture Department in advance at (787) 759-9999 or send an email to talentacquisition@evertecinc.com in order to accommodate your special needs. Evertec is an employer with E-Verify to verify the eligibility for employment of all the new employees. Participation Poster. Drug-free company. Equal Employment Opportunity/Affirmative Action for Women/Veterans/People with Disabilities.”