2-5 years of hands-on experience in Incident Response, SOC, or Blue Team operations. Strong understanding of cyber-attack techniques, threat actor behavior, and the incident response lifecycle. Proven experience working with SIEM tools (e.g., Splunk, QRadar, Sentinel, ELK) for real-time alert monitoring and investigations. Hands-on experience with EDR/XDR platforms (e.g., Microsoft Defender, CrowdStrike, Carbon Black). Solid knowledge of network fundamentals and security controls (TCP/IP, DNS, HTTP/S, firewalls). Experience investigating phishing campaigns, malware activity, suspicious processes, and compromised user accounts. Strong familiarity with the MITRE ATT&CK framework from a defensive / detection perspective. GCIH (GIAC Certified Incident Handler) certification is a plus Ability to clearly document incidents and communicate response actions to technical and business stakeholders.