Cybersecurity Incident Response Analyst II

About The Position

Requirements

• Demonstrates the ability to perform full investigations, including scoping, timeline reconstruction, root cause identification, and impact assessment.
• Experience operating within EDR and SIEM platforms and using multiple telemetry sources to conduct investigations.
• Hands-on experience with the CrowdStrike Falcon platform (EDR, NG-SIEM, Fusion, or related modules) and familiarity with Falcon Query Language or LogScale is strongly preferred.
• Experience performing proactive threat hunting and identifying activity outside of alert-driven workflows.
• Ability to correlate activity across endpoint, identity, network, and cloud systems without relying on a single tool.
• Familiarity with MITRE ATT&CK and structured incident response practices aligned to frameworks such as NIST 800-61 Rev. 3.
• Experience improving detections, playbooks, or response workflows based on investigation findings and recurring patterns.
• Demonstrates the ability to take ownership during incidents and contribute to coordination or leadership of response activities.
• Strong written and verbal communication skills, including the ability to clearly explain what is happening, what it means, and what needs to happen next during active incidents.
• Ability to work effectively with SOC, engineering, infrastructure, and security teams to investigate and remediate threats.
• Typically 1 to 3 years with bachelor's or equivalent.
• Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.
• Applicant must be a U.S. Person (for example, a U.S. citizen or lawful permanent resident / green card holder) eligible to access Controlled Unclassified Information (CUI)
• This position requires the employee to be a U.S. Citizen or National, or a  lawful permanent resident as defined by 8 U.S.C. 1101(a)(20), or a protected individual as defined by 8 U.S.C. 1324b(a)(3).

Nice To Haves

• Relevant certifications preferred but not required

Responsibilities

• Investigates and responds to escalated cybersecurity incidents, including validation, scoping, containment, and recovery, while determining root cause, scope, and business impact.
• Analyzes activity across endpoint, network, cloud, and identity systems and correlates data across EDR, SIEM, and other telemetry sources to understand attacker behavior.
• Serves as an escalation point for SOC analysts by guiding investigations, improving triage quality, and helping ensure consistency in analysis.
• Performs proactive threat hunting using structured queries, threat intelligence, and observed activity to identify suspicious behavior beyond alert-driven detection.
• Identifies detection gaps and contributes to improving detections, use cases, workflows, and overall response quality.
• Maintains incident response playbooks, procedures, and investigation documentation, and develops clear incident reports and executive summaries for both technical and non-technical audiences.
• Takes ownership of investigative workstreams during complex incidents and, when needed, assumes the role of incident commander until relieved by senior staff.
• Participates in post-incident reviews and contributes to applying lessons learned to improve future detection and response.
• Other duties as assigned

Benefits

• Generous Paid Time Off
• 401K and Pension Plan
• Paid Holidays
• Family Support (Paid Leave, Surrogacy, Adoption)
• Medical, Dental, Vision, and Life Insurance
• Long-term and Short-term Disability Insurance
• Health Savings Account / Flexible Spending Account
• Education Assistance
• Employee Development Resources
• Employee Wellness, Leadership Development and Mentorship Programs