Cyber Incident Response Analyst

About The Position

Requirements

• Bachelor’s degree in one of the following or related fields: Cybersecurity Computer Science Information Systems Digital Forensics Computer Engineering Cyber Operations
• Understanding of networking concepts including DNS, HTTP/S, SMTP, and firewall fundamentals
• Familiarity with log analysis and security monitoring tools
• Strong documentation and report writing skills
• Ability to make reasoned decisions under pressure
• Demonstrates discretion when handling sensitive information
• Understands when to escalate and when to investigate further independently
• Strong problem-solving ability
• Ability to correlate disparate data sources
• Attention to detail while maintaining awareness of broader risk implications
• Clear written and verbal communication skills
• Ability to translate technical findings into business risk language
• Professional presence when interacting with partners, legal, and client-facing teams
• High integrity and strong ethical standards
• Curiosity and desire to continuously learn
• Ability to manage competing priorities in a fast-paced environment
• Team-oriented with the confidence to operate autonomously when required

Nice To Haves

• Candidates should have completed coursework in several of the following areas: Network Security and TCP/IP fundamentals Operating Systems (Windows and Linux internals) Digital Forensics Malware Analysis Cloud Security (Azure, AWS, or GCP) Incident Response methodologies Risk Management frameworks (NIST CSF, ISO 27001) Legal and regulatory aspects of cybersecurity
• Basic scripting ability in Python, PowerShell, or Bash preferred
• Working knowledge of Windows, Linux, and Active Directory environments
• Understanding of MITRE ATT&CK framework and common adversary techniques
• CompTIA Security+
• CompTIA CySA+
• GIAC GCIH (GIAC Certified Incident Handler)
• GIAC GCIA (GIAC Certified Intrusion Analyst)
• eLearnSecurity eJPT
• Microsoft SC-200
• AWS Certified Security Specialty
• Participation in cyber competitions, capture-the-flag events, internships in security operations, or prior SOC experience is strongly preferred.

Responsibilities

• Analyze suspicious activity to determine scope, impact, and potential business risk
• Escalate confirmed or high-risk incidents in accordance with established playbooks
• Perform basic malware analysis and artifact review
• Support forensic evidence preservation in accordance with legal and regulatory requirements
• Document timelines, findings, and response actions in a defensible manner
• Participate in after-action reviews and recommend control improvements
• Contribute to playbook updates and automation efforts
• Participate in tabletop exercises and simulated incident scenarios
• Stay current with emerging threats, attacker tactics, and defensive strategies

Benefits

• At RSM, we offer a competitive benefits and compensation package for all our people.
• We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients.
• Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.