Cyber Security Incident Response Analyst – Intermediate

About The Position

Requirements

• Experience: Minimum of 2-5 years of experience in a dedicated incident response, security operations center (SOC), or closely related cybersecurity role.
• A bachelor’s degree in cyber security or related field can replace experience requirements.
• Core Knowledge: Strong understanding of the incident response lifecycle (e.g., NIST framework), common attack vectors, and foundational network and endpoint forensics.
• Tool Experience: Hands-on experience investigating and responding to threats using Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms.
• Skills: Proven analytical and problem-solving abilities, with a capacity to work independently on incidents of varying complexity.
• Communication: Excellent communication skills, with demonstrated ability to write clear, concise incident reports and collaborate effectively with other technical teams.
• Environment: Proven ability to work in a fast-paced 24x7 security operations environment, effectively managing and prioritizing multiple incidents.
• Clearance: Must be able to obtain and maintain a Secret security clearance.
• Candidates must possess one of the following certifications prior to start date: · CompTia Security+, Certified Ethical Hacker (CEH), CYSA+

Nice To Haves

• Military/DoD Experience: Familiarity with U.S. military policies, procedures, and organizational structures.
• Cyber Security Controls: Foundational understanding of cybersecurity controls and the importance of adhering to security policies in a professional environment.
• Network Analysis: Basic experience reviewing network activity logs and an understanding of common network protocols (e.g., DNS, HTTP, SMB).
• Endpoint Security: Familiarity with reviewing security events from standard endpoint platforms (e.g., antivirus, host firewalls).
• Tool Familiarity: Exposure to or academic experience with some of the following tools: · A SIEM platform (e.g., Splunk, Kibana, Sentinel) · MDE EDR platform and or KQL · ServiceNow or another ticketing system · Linux Command Line

Responsibilities

• Incident Lifecycle Management: Independently manage the full lifecycle of low to medium-severity security incidents, beginning with the continuous monitoring and triage of alerts from SIEM and EDR tools, and proceeding through containment, eradication, and recovery.
• Log and Endpoint Analysis: Conduct detailed analysis of logs from various sources, including network devices, servers, and applications, as well as endpoint data from EDR platforms to investigate security events.
• Containment and Remediation: Utilize security tools to contain active threats, such as isolating endpoints or blocking malicious IP addresses. Execute and verify remediation steps to resolve the incident.
• Playbook Execution and Refinement: Execute complex incident response playbooks and provide constructive feedback to senior handlers for the refinement and improvement of current procedures.
• Reporting: Create clear and comprehensive incident reports detailing the timeline of events, investigative steps, root cause analysis, and actions taken to resolve the incident.