Cybersecurity Incident Response Analyst

About Xerox Holdings Corporation

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power the hybrid workplace of today and tomorrow. Today, Xerox is continuing its legacy of innovation to deliver client-centric and digitally-driven technology solutions and meet the needs of today’s global, distributed workforce. From the office to industrial environments, our differentiated business and technology offerings and financial services are essential workplace technology solutions that drive success for our clients. At Xerox, we make work, work. Learn more about us at www.xerox.com.

The Cybersecurity Incident Response Analyst role is located in India and is a Full-Time position with working hours from 5 PM - 1 AM EST / 3:30 AM - 11:30 AM IST.

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we have expanded into software and services to sustainably power today’s workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients - no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things, and cleantech. Learn more at www.xerox.com and explore our commitment to diversity and inclusion.

Role Summary

We are seeking a highly skilled Cybersecurity Incident Response Analyst to serve as a key line of defense in protecting Xerox information systems. You will monitor, detect, investigate, and respond to security incidents to protect confidentiality, integrity, and availability of enterprise data and services.

Purpose

Ensure the security and integrity of organizational information systems by proactively monitoring, detecting, and responding to security threats. This role supports business continuity and helps foster a culture of security awareness within the organization.

Leverage AI-assisted detection and investigation capabilities to accelerate triage and response, while independently validating model outputs against authoritative telemetry and established runbooks.

Scope

This role focuses on monitoring and responding to security alerts and incidents. You will work closely with senior incident response analysts and IT teams to ensure timely and effective resolution of security issues, and you will contribute to continuous improvements in the security posture through repeatable processes and feedback loops. You will execute response actions that are pre-approved in playbooks, verify outcomes, and escalate exceptions (critical assets, high business impact, ambiguous root cause, or destructive/high-blast-radius actions) to senior SOC/Incident Response resources. You will produce investigation artifacts (timeline, evidence, and queries used) suitable for peer review and audit and contribute to continuous improvement through structured feedback to detection engineering.

Influence

As a member of Xerox Cyber Security (XCS), you will help shape the security culture through security awareness activities, end-user engagement, and by translating incident learnings into practical improvements. You will apply a proactive approach to identify and mitigate potential threats and strengthen enterprise defensive capability.

Key Responsibilities

• Incident Monitoring, Investigation, and Response
  • Monitor security alerts and events using security tooling (e.g., SIEM, EDR/XDR, identity and cloud audit telemetry).
  • Analyze and investigate security incidents to determine scope, impact, and probable root cause.
  • Coordinate with IT and security partners to contain, eradicate, and recover from incidents in accordance with runbooks and change/control requirements.
  • Maintain up-to-date knowledge of current threats, attacker techniques, and detection/response best practices.
  • Conduct vulnerability assessments or support vulnerability validation activities and report findings to appropriate stakeholders.
  • Assist in the development, maintenance, and continuous improvement of security policies, standards, and procedures.
• AI-Assisted Investigation and Verification
  • Use AI-assisted capabilities (e.g., alert summarization, enrichment, clustering, prioritization) to accelerate triage and investigation while maintaining analyst accountability.
  • Validate AI-generated findings (summaries, prioritization, hypotheses) against independent evidence sources (SIEM queries, EDR telemetry, identity logs, cloud audit logs) before acting.
  • Translate escalated signals into defensible, evidence-based narratives (what happened, where, when, impacted assets/users, and confidence level).
  • Identify and document inconsistencies or model errors; correct the investigative narrative using authoritative telemetry and analyst reasoning.
  • Provide structured feedback to detection engineering/ML stakeholders (TP/FP label, rationale, telemetry gaps, and tuning recommendations) to improve detection quality.
• Documentation, Communication, and Automation Safety
  • Document incidents in the case management system with triage summary, evidence snippets and queries used, timeline of events, actions taken, residual risk, and escalation rationale.
  • Provide clear, stakeholder-appropriate incident updates; ensure escalations include relevant context, evidence, and recommended next steps.
  • Execute SOAR playbooks with appropriate human-in-the-loop approvals; confirm outcomes and document success/failure states.
  • Use automation responsibly to accelerate enrichment and containment while ensuring actions are reversible where feasible and aligned to approved procedures.

Basic Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent practical experience).
• Applied proficiency and advanced understanding of cybersecurity principles and practices.
• Familiarity with security tooling such as SIEM, IDS/IPS, endpoint protection/EDR, and antivirus solutions.
• Strong analytical and problem-solving skills, including hypothesis-driven investigation.
• Excellent written and verbal communication skills; ability to collaborate effectively across teams.
• Ability to work in a fast-paced environment and manage multiple concurrent investigations.
• Ability to work autonomously to complete or hand over investigations, under general supervision.
• Working knowledge of AI-assisted security operations concepts and limitations (e.g., false positives, bias, hallucinations) with a bias toward validation.
• Discipline in sensitive data handling and data minimization when using AI tools (use approved platforms; redact or exclude unnecessary sensitive details).

Preferred Qualifications

• Industry certifications such as CompTIA Security+, CEH, GIAC (e.g., GCIH/GCIA/GMON).
• Experience with network security tooling and firewall analysis techniques.
• Experience using endpoint detection and response tools and search queries to support investigations.
• Experience investigating cloud environments (AWS, Azure) and interpreting cloud audit telemetry.
• Experience using security incident and event management platforms and incident case management systems.
• Knowledge of scripting or query languages (e.g., Python, PowerShell, SQL) to perform lightweight data analysis and validation.
• Experience contributing to detection improvement (writing/adjusting SIEM queries, proposing tuning changes, documenting repeatable triage logic).
• Experience using LLM/AI copilots to accelerate investigations, with strict validation and data‑handling practices.

Benefits

• Competitive salary and benefits package.
• Opportunities for professional growth and development.
• Collaborative and inclusive work environment.
• Access to modern cybersecurity tools and technologies.

Success Criteria (First 90 Days)

• Consistently produces complete, reviewable incident case notes (evidence, queries, timeline, rationale).
• Demonstrates reliable AI-output verification (flags model errors, corrects with telemetry).
• Submits actionable feedback that improves alert fidelity or reduces recurring false positives.
• Executes approved containment actions safely and escalates exceptions with clear context.

Key skills/competency

• Incident Response
• Security Monitoring
• Threat Detection
• SIEM
• EDR/XDR
• Vulnerability Assessment
• Cloud Security
• AI in Security Operations
• Python/PowerShell Scripting
• Data Analysis