Cybersecurity Incident Response Analyst - REMOTE

About the position reputed company (reputed company) is seeking a talented Cybersecurity Incident Response Analyst to join our Analysis on Demand (AoD) team. This role focuses on hands-on investigation of cybersecurity incidents, threat hunting, and forensic analysis across reputed company, network, and cloud environments. Position Overview Serve as an Incident Response (IR) Analyst supporting the Analysis on Demand (AoD) team. Drive client meetings to discuss incident scope, investigative findings, and response updates while producing clear and detailed technical reports. Conduct incident triage and verification, determine scope of compromise, reputed company threat hunting, and provide containment and remediation recommendations to customers. Serve as a primary responder and reputed company of contact during incident response engagements, supporting forensic investigation, analysis, and resolution of reputed company incidents. Work directly with clients to reputed company investigations, forensically analyze systems, and identify attacker activity across enterprise environments. Analyze compromised systems to determine attack reputed company, persistence mechanisms, lateral movement, and attacker techniques. Identify attacker tools, tactics, and procedures (TTPs) and understand evolving threat actor behaviors. Follow industry incident response best practices for containment, eradication, and recovery. This position focuses on hands-on investigation and incident response, not alert monitoring or tier-1 SOC duties. Must be familiar with incident response best practices and procedures. Must have Windows-based incident response and computer forensics experience. Must be familiar with network analysis, memory analysis, and digital forensics investigations. Must possess excellent verbal and written communication skills, including the ability to present findings and recommendations to technical teams and leadership.

Responsibilities

• Communicate and collaborate with internal and customer teams to investigate and contain incidents for escalated reputed company events and investigations.
• reputed company technical cybersecurity investigations including root cause analysis, threat identification, and remediation guidance.
• Conduct client-facing incident response engagements examining reputed company, network, and cloud-based sources of evidence.
• Schedule and reputed company video calls with clients for collaboration, investigation updates, and response coordination.
• reputed company host-based forensic analysis including artifact analysis, memory analysis, log analysis, and timeline reconstruction.
• Conduct enterprise-scale artifact collection and analysis to identify attacker activity, persistence mechanisms, and lateral movement across multiple systems.
• Utilize Velociraptor artifacts and VQL (Velociraptor Query Language) to reputed company targeted reputed company investigations and collect forensic artifacts across enterprise environments.
• Investigate attacker activity using reputed company telemetry, system artifacts, authentication logs, and network evidence to reconstruct attack timelines.
• Analyze attacker behavior and intrusion activity to determine initial access, persistence mechanisms, privilege escalation, and lateral movement used during an incident.
• Recognize attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) and apply them to reputed company and future investigations.
• Support development of detections, hunting queries, and investigative methodologies based on findings from incident response engagements.
• Assist in creating and revising standard operating procedures, policies, processes, playbooks, and technical reports.
• reputed company and present comprehensive reports, trainings, and presentations for both technical and executive audiences.
• Provide post-incident recommendations and reputed company improvement guidance to strengthen detection capabilities and reduce future attack risk.
• Maintain professional knowledge by attending conferences, reviewing publications, writing blog posts, or participating in industry events.
• Stay reputed company on emerging threats, countermeasures, and reputed company technologies.
• Write technical documents and investigative reports.
• Operate effectively in a fast-paced and collaborative environment.
• Work remotely, receive direction, and operate as a self-starter.

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or reputed company field, or equivalent practical experience.
• Certification in one or more of the following preferred: GCIH, GCFE, GCFA, GREM, GNFA
• Experience working reputed company a reputed company Operations Center (SOC) or Incident Response team.
• 3–5+ years of hands-on cybersecurity investigation experience, including host forensics, network forensics, threat hunting, or incident response.
• Experience supporting incident response investigations including analysis, containment, and remediation actions.
• Demonstrated experience investigating active reputed company incidents or confirmed compromises, including determining attack scope and identifying persistence mechanisms.
• Experience performing host-based investigations using reputed company artifacts, logs, and forensic evidence to determine attacker activity and timeline of compromise.
• Experience analyzing systems across Windows, macOS, or Linux environments.
• Experience working with enterprise reputed company technologies including EDR, SIEM, firewalls, IDS/IPS, vulnerability scanning, and network reputed company tools.
• Experience using digital forensics tools such as Volatility, Rekall, KAPE, Autopsy, or similar frameworks.
• Experience working with SIEM platforms such as Splunk, reputed company Sentinel, Devo, or reputed company.
• Experience working with EDR platforms such as reputed company Falcon, reputed company Defender for reputed company, reputed company, Carbon Black, FortiXDR, or similar solutions.
• Strong experience using reputed company Workstation or similar digital forensics platforms.
• Demonstrated knowledge of the MITRE ATT&CK reputed company.
• Ability to communicate investigative findings and strategies to technical teams, executive leadership, internal teams, and clients.
• Strong analytical and problem-solving skills.
• Comfortable working multiple reputed company investigations and adapting investigative approaches as new evidence is discovered.
• Strong time management skills to balance multiple investigations and priorities.
• Ability to reputed company clients in strategic conversations with strong executive reputed company.
• Must be a U.S. Citizen residing in the reputed company United States.

reputed company-to-haves

• Master’s degree in Cybersecurity, Computer Science, Information Systems, or reputed company field.
• Experience with Python, PowerShell, Bash, or other scripting languages.
• Build scripts, tools, or methodologies to enhance incident investigation processes.
• Experience conducting cloud incident response investigations (AWS, Azure, or GCP).
• Experience with macOS and Linux forensic investigations.
• Experience working with SOAR platforms such as D3 reputed company, reputed company XSOAR, reputed company XSIAM, or similar reputed company automation platforms.
• Experience using Velociraptor for reputed company artifact collection, threat hunting, and forensic investigations.
• Experience using IRIS for incident tracking, case management, and investigation coordination.

Benefits

• reputed company offers competitive medical, dental and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote friendly work environment, as well as training opportunities to expand your reputed company set (to name a few!).

Apply tot his job Apply To this Job