Already filled

Sr Incident Response Analyst

Job summary

United States, Engineering
Work model: Fully remote (US only)
Posted 1 month ago

Job description

Job Summary

This is a 3-month contract position with the possibility of extension or conversion, seeking a seasoned Incident Response professional. The role requires at least 4-6 years of hands-on experience managing enterprise cybersecurity incidents in hybrid (cloud and on-premises) environments. The ideal candidate has strong technical skills with EDR tools, SIEM platforms (e.g., Splunk), and cloud infrastructure. As a proactive communicator and coordinator, you will lead incident response efforts from start to finish, collaborate with teams across the organization, and continuously improve DFIR processes through automation, documentation, and best practices. This is a 100% remote position.

Location Requirement: Must be located in CST or EST time zones.

Must-Haves

  • Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science)
  • 4-6 years of related experience
  • 5+ years of experience in Security Operations, Incident Response, and/or Digital Forensics
  • Prior Incident Response experience in a hybrid enterprise environment
  • Proficiency with security tooling such as Splunk, Tanium, and EDR platforms
  • Strong understanding of cloud environments

Preferred Experience

  • Strong communication skills
  • Experience conducting IR activities in hybrid environments
  • Excellent organization and time management skills
  • Ability to leverage AI and automation to improve workflow processes

About the Role

This remote role functions as an incident coordinator, providing essential incident response support to the Digital Forensics and Incident Response (DFIR) team. The DFIR team comprises subject matter experts dedicated to swiftly responding to escalated incidents, investigating cybersecurity threats, protecting cloud and on-premises assets, and enhancing the organization's DFIR capabilities.

Day-to-Day Responsibilities

As an incident coordinator, you will support various incident response (IR) activities. You will collaborate with business units to execute enterprise-wide containment, remediation, recovery actions, and strategic initiatives. You will also contribute to the maturity of the DFIR team by establishing documentation and best practices, ensuring seamless cross-team communication. Your expertise in hybrid enterprise environments will be crucial in guiding response activities throughout the incident response lifecycle.

Position Purpose

  • Resolve security incidents and recommend enhancements to improve security.
  • Identify common attack patterns targeting publicly exposed aspects of the organization's environment.
  • Contribute to the implementation of scalable and preventative security measures.
  • Execute the enterprise-wide Incident Response Plan.
  • Partner with business units to achieve enterprise-wide remediation.
  • Develop and deliver presentations to senior leadership.

Education & Experience

  • Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and 4-6 years of related experience.
  • Equivalent experience acquired through applicable knowledge, duties, scope, and skills reflective of this position level will also be considered.

Technical Skills

  • Knowledge of threat actor Tactics, Techniques, and Procedures (TTPs).
  • Understanding of Indicators of Compromise (IOCs).
  • Experience with Endpoint Protection and Endpoint Detection & Response (EDR) software (e.g., CrowdStrike, Carbon Black).
  • Knowledge of network and infrastructure technologies (routers, switches, firewalls, etc.).

Soft Skills

  • Learning & Development: Seeks to acquire knowledge in their area of specialty.
  • Problem Solving: Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions.
  • Autonomy: Ability to work independently.
  • Analytical Skills: Demonstrated analytical capabilities.
  • Project Management: Demonstrated project management skills.
  • Accuracy & Composure: Demonstrates a high level of accuracy, even under pressure.
  • Judgment: Demonstrates excellent judgment and decision-making skills.

Licenses & Certifications

  • Required: one of GIAC Security Essentials (GSEC), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), or an equivalent certification.

Responsibilities

  • Review current configurations of production information systems and networks against compliance standards.
  • Prepare for and resolve security breaches, ensuring incident and response management processes are initiated.
  • Implement and discuss security service audit schedules, review access authorizations, and perform access control testing to identify security shortfalls.
  • Design automated scripts, contingency plans, and other programmed responses triggered by detected attacks.
  • Collaborate with Information Security Architects, Engineers, and software/hardware stakeholders.
  • Notify internal and/or external teams according to alert priority levels and escalation trees; triage security alerts, events, and notifications.
  • Integrate third-party attack monitoring and threat reporting services into internal Cyber Incident Response Team (CIRT) communication systems.
  • Perform post-mortem analysis using logs, network traffic flows, and other recorded information to identify intrusions and unauthorized activities.
  • Perform other duties as assigned.
  • Comply with all policies and standards.