Binary Defense

Real people detecting real threats in real time.

Cybersecurity Incident Response Analyst

Full Time · Remote · Team size 51-200 · Founded 2014 · H1B: No Sponsorship

Location

United States

Posted

27 minutes ago

Salary

Not specified

Job Description

Role Description

This role focuses on hands-on investigation of cybersecurity incidents, threat hunting, and forensic analysis across endpoint, network, and cloud environments.

  • Serve as an Incident Response (IR) Analyst supporting the Analysis on Demand (AoD) team.
  • Drive client meetings to discuss incident scope, investigative findings, and response updates while producing clear and detailed technical reports.
  • Conduct incident triage and verification, determine scope of compromise, perform threat hunting, and provide containment and remediation recommendations to customers.
  • Serve as a primary responder and point of contact during incident response engagements, supporting forensic investigation, analysis, and resolution of security incidents.
  • Work directly with clients to perform investigations, forensically analyze systems, and identify attacker activity across enterprise environments.
  • Analyze compromised systems to determine attack vectors, persistence mechanisms, lateral movement, and attacker techniques.
  • Identify attacker tools, tactics, and procedures (TTPs) and understand evolving threat actor behaviors.
  • Follow industry incident response best practices for containment, eradication, and recovery.
  • This position focuses on hands-on investigation and incident response, not alert monitoring or tier-1 SOC duties.
  • Must be familiar with incident response best practices and procedures.
  • Must have Windows-based incident response and computer forensics experience.
  • Must be familiar with network analysis, memory analysis, and digital forensics investigations.
  • Must possess excellent verbal and written communication skills, including the ability to present findings and recommendations to technical teams and leadership.

Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field, or equivalent practical experience.
  • Certification in one or more of the following preferred: GCIH, GCFE, GCFA, GREM, GNFA.
  • Experience working within a Security Operations Center (SOC) or Incident Response team.
  • 3–5+ years of hands-on cybersecurity investigation experience, including host forensics, network forensics, threat hunting, or incident response.
  • Experience supporting incident response investigations including analysis, containment, and remediation actions.
  • Demonstrated experience investigating active security incidents or confirmed compromises, including determining attack scope and identifying persistence mechanisms.
  • Experience performing host-based investigations using endpoint artifacts, logs, and forensic evidence to determine attacker activity and timeline of compromise.
  • Experience analyzing systems across Windows, macOS, or Linux environments.
  • Experience working with enterprise security technologies including EDR, SIEM, firewalls, IDS/IPS, vulnerability scanning, and network security tools.
  • Experience using digital forensics tools such as Volatility, Rekall, KAPE, Autopsy, or similar frameworks.
  • Experience working with SIEM platforms such as Splunk, Microsoft Sentinel, Devo, or Sumo Logic.
  • Experience working with EDR platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black, FortiXDR, or similar solutions.
  • Strong experience using SIFT Workstation or similar digital forensics platforms.
  • Demonstrated knowledge of the MITRE ATT&CK Framework.
  • Ability to communicate investigative findings and strategies to technical teams, executive leadership, internal teams, and clients.
  • Strong analytical and problem-solving skills.
  • Comfortable working multiple concurrent investigations and adapting investigative approaches as new evidence is discovered.
  • Strong time management skills to balance multiple investigations and priorities.
  • Ability to lead clients in strategic conversations with strong executive presence.
  • Must be a U.S. Citizen residing in the continental United States.

Requirements

  • Master’s degree in Cybersecurity, Computer Science, Information Systems, or related field.
  • Experience with Python, PowerShell, Bash, or other scripting languages.
  • Build scripts, tools, or methodologies to enhance incident investigation processes.
  • Experience conducting cloud incident response investigations (AWS, Azure, or GCP).
  • Experience with macOS and Linux forensic investigations.
  • Experience working with SOAR platforms such as D3 Security, Cortex XSOAR, Cortex XSIAM, or similar security automation platforms.
  • Experience using Velociraptor for endpoint artifact collection, threat hunting, and forensic investigations.
  • Experience using IRIS for incident tracking, case management, and investigation coordination.

Benefits

  • Competitive medical, dental and vision coverage for employees and dependents.
  • 401k match which vests every payroll.
  • Flexible and remote-friendly work environment.
  • Training opportunities to expand your skill set.
