Cyber Incident Response Analyst

Peraton•Fort Huachuca, AZ

1d•$66,000 - $106,000

About The Position

We are looking for a skilled and proactive Incident Handler to join our 24x7 security operations team. The ideal candidate will be instrumental in protecting our organization by independently identifying, analyzing, and responding to cybersecurity incidents. Manage the full lifecycle of security incidents, from detection to resolution, and contribute to the refinement of our defensive playbooks. Experience with Enterprise, Military or Department of War (DOW) operational environment is strongly desired. Key Responsibilities - The Incident Handler will perform essential functions including, but not limited to: Incident Lifecycle Management: Independently manage the full lifecycle of low to medium-severity security incidents, beginning with the continuous monitoring and triage of alerts from SIEM and EDR tools, and proceeding through containment, eradication, and recovery. Log and Endpoint Analysis: Conduct detailed analysis of logs from various sources, including network devices, servers, and applications, as well as endpoint data from EDR platforms to investigate security events. Containment and Remediation: Utilize security tools to contain active threats, such as isolating endpoints or blocking malicious IP addresses. Execute and verify remediation steps to resolve the incident. Playbook Execution and Refinement: Execute complex incident response playbooks and provide constructive feedback to senior handlers for the refinement and improvement of current procedures. Reporting: Create clear and comprehensive incident reports detailing the timeline of events, investigative steps, root cause analysis, and actions taken to resolve the incident.

Requirements

Active DoD Secret Clearance
0 years with BS/BA; 4 years no degree
Military/DoD Experience: Familiarity with U.S. military policies, procedures, and organizational structures.
Candidates must possess one of the following certifications prior to start date: CompTia Security+, Certified Ethical Hacker (CEH), CYSA+
Cyber Security Controls: Foundational understanding of cybersecurity controls and the importance of adhering to security policies in a professional environment.
Network Analysis: Basic experience reviewing network activity logs and an understanding of common network protocols (e.g., DNS, HTTP, SMB).
Endpoint Security: Familiarity with reviewing security events from standard endpoint platforms (e.g., antivirus, host firewalls).
Tool Familiarity: Exposure to or academic experience with some of the following tools: A SIEM platform (e.g., Splunk, Kibana, Sentinel) MDE EDR platform and or KQL ServiceNow or another ticketing system Linux Command Line

Nice To Haves

Experience with Enterprise, Military or Department of War (DOW) operational environment is strongly desired.

Responsibilities

Incident Lifecycle Management: Independently manage the full lifecycle of low to medium-severity security incidents, beginning with the continuous monitoring and triage of alerts from SIEM and EDR tools, and proceeding through containment, eradication, and recovery.
Log and Endpoint Analysis: Conduct detailed analysis of logs from various sources, including network devices, servers, and applications, as well as endpoint data from EDR platforms to investigate security events.
Containment and Remediation: Utilize security tools to contain active threats, such as isolating endpoints or blocking malicious IP addresses. Execute and verify remediation steps to resolve the incident.
Playbook Execution and Refinement: Execute complex incident response playbooks and provide constructive feedback to senior handlers for the refinement and improvement of current procedures.
Reporting: Create clear and comprehensive incident reports detailing the timeline of events, investigative steps, root cause analysis, and actions taken to resolve the incident.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume