Cyber Security Incident Response Analyst
2 weeks ago
Stellantis is a leading global automaker and mobility provider that offers clean, connected, affordable and safe mobility solutions. Our Company’s strength lies in the breadth of our iconic brand portfolio, the diversity and passion of our people, and our deep roots in the communities in which we operate. Our ambitious electrification and software strategies and the creation of an innovative ecosystem of strategic, game-changing partnerships are driving our transformation to a sustainable mobility tech company.

The driving force behind us is the diverse and talented group of men and women around the world who bring their passion and experience to their work every day. And while we are a truly global organization, we remain deeply rooted in the communities in which we operate and where our colleagues live and work. With industrial operations in nearly 30 countries, Stellantis could consistently exceed the evolving needs and expectations of consumers in more than 130 markets, while creating superior value for all stakeholders.

Please submit your CV in English.

Description:

Defend a global mobility leader through rapid, coordinated incident response. The CSIRT Analyst is a core member of Stellantis’ Cyber Defense Operations Center (CDOC), focused on identifying, triaging, analyzing, and responding to security incidents across the globe. You will operate within a follow‑the‑sun model inside the CDOC, ensuring threats are contained and remediated quickly and lessons learned are fed back into detections and playbooks. You will investigate incidents, perform host/network forensics, drive containment and recovery, and communicate clearly to both technical and executive stakeholders. The role demands technical depth including IA capabilities, composure under pressure, and a collaborative mindset aligned to Stellantis’ global incident response processes and crisis procedures.

Stellantis is a global mobility leader with the ambition to deliver clean, safe, and affordable freedom of mobility for all, guided by the Dare Forward 2030 strategy to transform into a sustainable mobility tech company and achieve carbon net zero by 2038 (Scopes 1–3). Our plan includes interim decarbonization targets by 2030 and a robust pipeline of electrified vehicles, backed by strong operational performance.

Key responsibilities:

- Incident Handling: Lead/assist across the IR lifecycle (preparation; detection & analysis; containment; eradication; recovery; post‑incident) with documented handoffs to relevant teams (IT, Cloud, OT/Product).
- Forensics & Analysis: Acquire/preserve evidence and perform analysis (host, network, malware triage) to determine root cause, scope, and impact; propose targeted containment and eradication.
- Threat‑Informed Response: Use CTI (internal & external) to guide scoping, IOCs, and hypotheses; contribute improvements to use cases and playbooks based on incident insights.
- Crisis & Escalation: Execute on escalation paths and communication matrices during high/critical events and cyber crisis scenarios, ensuring timely, accurate updates.
- Continuous Improvement: Conduct after‑action reviews, document lessons learned, drive detection and control enhancements, and track KPIs (e.g., MTTD/MTTR).
- Collaboration: Coordinate closely with CDOC, platform engineering, and business stakeholders across regions within Stellantis’ global model.

Sample Duties:

- Investigate and contain phishing, malware, lateral movement, data exfiltration, and identity‑based attacks; coordinate with IT and Cloud teams for containment/eradication.
- Perform host and network forensics, extract IOCs, and collaborate with CTI to enrich indicators and adversary hypotheses.
- Execute incident communications per escalation matrices; provide timely situation reports and executive one‑pagers during high/critical events.
- Maintain and enhance runbooks, detection use cases, and SOAR playbooks; contribute KPI reporting and trend analysis.

Qualifications:

- Bachelor’s degree (or equivalent experience) in Computer Science, Cybersecurity, or related field.
- 3+ years in SOC/CSIRT or incident response roles with hands‑on experience across investigation, containment, and recovery.
- Proficiency with SIEM/SOAR workflows, endpoint detection/response, and network security monitoring; solid understanding of Windows/Linux, networking, IA Detection & Response tools and cloud basics.
- Familiarity with NIST 800‑61 style processes and enterprise IR playbooks; experience operating within defined escalation paths and crisis procedures.
- Strong analytical communication skills (verbal & written) across technical and executive audiences; ability to work shifts/on‑call in a global environment.
- Experience in a CSIRT serving multiple regions/time zones and partnering with product/OT security teams.

At Stellantis, we assess candidates based on qualifications, merit and business needs. We welcome applications from people of all gender identities, age, ethnicity, nationality, religion, sexual orientation and disability. Diverse teams will allow us to better meet the evolving needs of our customers and care for our future.
-
Senior Cyber Incident Response Analyst
2 weeks ago
Madrid, Spain | Integrity360 | Full-time
Title: Senior Cyber Incident Response Analyst. Location: Madrid, Spain. Salary: Negotiable / DOE. About Us: Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across 12 locations, and six...
-
Senior Cyber Incident Response Analyst (Spain)
2 weeks ago
Madrid, Spain | Integrity360 | Full-time
Title: Senior Cyber Incident Response Analyst. Location: Spain (remote), candidates must currently reside in Spain. Salary: Negotiable / DOE. About Us: Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across...
-
Senior Cyber Incident Response Analyst (Spain)
2 weeks ago
Madrid, Spain | Integrity360 | Full-time
Title: Senior Cyber Incident Response Analyst. Location: Madrid, Spain (remote). Salary: Negotiable / DOE. About Us: Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across 12 locations, and six Security...
-
SOC Analyst – Incident Response
2 weeks ago
Madrid, Spain | IAG Transform | Full-time
A leading airline group is seeking a dedicated SOC Analyst in Madrid, focused on investigating high-priority cyber security incidents and coordinating response activities. The ideal candidate will possess several years of cybersecurity experience, a strong understanding of the aviation sector's threat landscape, and exceptional communication skills. In this...
-
Cyber Security Senior Specialist
5 days ago
Madrid, Spain | Synlab Global | Full-time
Description: As a Cyber Security Senior Specialist within the Security Operations Center (SOC), you will play a critical role in safeguarding the organization's information systems and data against cyber threats. This position requires proactive leadership in security operations, ensuring effective monitoring, detection, and response to emerging risks....
-
Cyber Security Senior Specialist
1 week ago
Madrid, Madrid, Spain | Synlab Global | Full-time
Description: As a Cyber Security Senior Specialist within the Security Operations Center (SOC), you will play a critical role in safeguarding the organization's information systems and data against cyber threats. This position requires proactive leadership in security operations, ensuring effective monitoring, detection, and response to emerging...
-
Cyber Security Ops Lead Hybrid – 24/7 Incident Response
1 week ago
Madrid, Spain | BT Group | Full-time
A global technology firm in Madrid is looking for a cyber security specialist. The role involves identifying and managing cybersecurity threats, supporting IT security services, and providing 24/7 incident response. Candidates should have at least three years of experience in security management, senior-level skills in security systems, and be fluent in...
-
Cyber Incident Handling
3 days ago
Madrid, Spain | Devoteam | Full-time
Job description: Drive continuous improvement in Santander's cyber response capability through the delivery of a cyber readiness programme across the Global Security Operations Centre and the Global Cyber Respond Team.
- Preparedness: Plan and deliver a programme of cyber security tabletop exercises and wargames for technical teams, including...
-
Cyber Incident Handling
5 days ago
Madrid, Madrid, Spain | Devoteam | Full-time
Devoteam is a leading European consultancy focused on digital strategy, technology platforms, cybersecurity and business transformation through technology. Focused on 6 areas of expertise, we address our clients' strategic challenges: Digital Business & Products, Data-driven Intelligence, Distributed Cloud, Business Automation, Cybersecurity and...
-
Hybrid Security Ops Lead — Incident Response
1 week ago
Madrid, Spain | TechByte Talent Ltd | Full-time
A global insurance company is seeking a Head of Security Operations to establish and lead security operations across European offices. In this hybrid role, you will provide strategic leadership in incident response, cyber threat visibility, and...