Senior Incident Response Analyst

Overview

Responsibilities

• Investigate incidents from detection to resolution by rapidly assessing threats, determining impact, coordinating responses, collaborating with relevant teams, and managing incident response through all stages of the cyber kill chain.
• Develop and maintain incident response playbooks and procedures to align with industry best practices and emerging threats, leveraging threat intelligence for enhanced detection and response.
• Enhance and implement cloud-focused incident response processes, expand SOC capabilities, integrate cloud-native tools, and collaborate with engineering teams to strengthen detection, investigation, and optimizing detection and response for AWS, Azure, and GCP environments.
• Conduct thorough network and cloud investigations using logs, packet captures, and industry frameworks to identify attacker tactics and compromise indicators.
• Lead post-incident reviews by documenting actions, performing root-cause analysis, identifying vulnerabilities, and continuously enhancing SOC detection and response processes.
• Collaborate with SOC analysts and other teams to enhance investigative and triage skills, deliver ongoing training, and embed security best practices throughout the organization.

Qualifications

• Master's Degree and (2) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience. or
• Bachelor's Degree and (3) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience. or
• Associate's Degree and (4) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience.

• Previous Digital Forensics/Incident Response experience, required.
• Proficient in using known commercial and/or open source, incident response and forensic software, required.
• Understanding of industry standard policies, processes, and procedures, required.
• Understanding of chain of custody, required.
• Previous experience creating timelines and completing a root cause analysis, required.
• Proficiency in collecting, analyzing the evidence collected and creating reports based on the findings to different stakeholders: (Technical, Executive, etc.), required.
• Knowledge of current and evolving cyber threat landscape, required.
• Ability to handle multiple priorities effectively, required.
• Experience in security monitoring, threat detection and handling real-world cyber incidents and stakeholders, required.
• Hands on experience with commercial and open-source cybersecurity tools, required.
• Coordinating containment, eradication and recovery efforts for malware, phishing, ransomware, cloud, edge and other types of attacks, required.
• Coordinating with stakeholders such as cyber and other business units during incidents, required.
• Experience with providing updates during incidents to leadership and documenting incident reports, required.
• Understanding of OT systems, protocols, and industrial control systems (ICS), Preferred.

• Strong verbal communication and listening skills
• Demonstrated written communication skills
• Demonstrated analytical skills
• Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

• Driver's License Required
• Other: Relevant DFIR certifications such as GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar. Preferred

• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
• Must be able and willing to travel within Company service territory, as needed.