Cybersecurity Incident Response Analyst - REMOTE

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field, or equivalent practical experience.
• Certification in one or more of the following preferred: GCIH, GCFE, GCFA, GREM, GNFA
• Experience working within a Security Operations Center (SOC) or Incident Response team.
• 3–5+ years of hands-on cybersecurity investigation experience, including host forensics, network forensics, threat hunting, or incident response.
• Experience supporting incident response investigations including analysis, containment, and remediation actions.
• Demonstrated experience investigating active security incidents or confirmed compromises, including determining attack scope and identifying persistence mechanisms.
• Experience performing host-based investigations using endpoint artifacts, logs, and forensic evidence to determine attacker activity and timeline of compromise.
• Experience analyzing systems across Windows, macOS, or Linux environments.
• Experience working with enterprise security technologies including EDR, SIEM, firewalls, IDS/IPS, vulnerability scanning, and network security tools.
• Experience using digital forensics tools such as Volatility, Rekall, KAPE, Autopsy, or similar frameworks.
• Experience working with SIEM platforms such as Splunk, Microsoft Sentinel, Devo, or Sumo Logic.
• Experience working with EDR platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black, FortiXDR, or similar solutions.
• Strong experience using SIFT Workstation or similar digital forensics platforms.
• Demonstrated knowledge of the MITRE ATT&CK Framework.
• Ability to communicate investigative findings and strategies to technical teams, executive leadership, internal teams, and clients.
• Strong analytical and problem-solving skills.
• Comfortable working multiple concurrent investigations and adapting investigative approaches as new evidence is discovered.
• Strong time management skills to balance multiple investigations and priorities.
• Ability to lead clients in strategic conversations with strong executive presence.
• Must be a U.S. Citizen residing in the continental United States.

Nice To Haves

• Master’s degree in Cybersecurity, Computer Science, Information Systems, or related field.
• Experience with Python, PowerShell, Bash, or other scripting languages.
• Build scripts, tools, or methodologies to enhance incident investigation processes.
• Experience conducting cloud incident response investigations (AWS, Azure, or GCP).
• Experience with macOS and Linux forensic investigations.
• Experience working with SOAR platforms such as D3 Security, Cortex XSOAR, Cortex XSIAM, or similar security automation platforms.
• Experience using Velociraptor for endpoint artifact collection, threat hunting, and forensic investigations.
• Experience using IRIS for incident tracking, case management, and investigation coordination.

Responsibilities

• Communicate and collaborate with internal and customer teams to investigate and contain incidents for escalated security events and investigations.
• Perform technical cybersecurity investigations including root cause analysis, threat identification, and remediation guidance.
• Conduct client-facing incident response engagements examining endpoint, network, and cloud-based sources of evidence.
• Schedule and lead video calls with clients for collaboration, investigation updates, and response coordination.
• Perform host-based forensic analysis including artifact analysis, memory analysis, log analysis, and timeline reconstruction.
• Conduct enterprise-scale artifact collection and analysis to identify attacker activity, persistence mechanisms, and lateral movement across multiple systems.
• Utilize Velociraptor artifacts and VQL (Velociraptor Query Language) to perform targeted endpoint investigations and collect forensic artifacts across enterprise environments.
• Investigate attacker activity using endpoint telemetry, system artifacts, authentication logs, and network evidence to reconstruct attack timelines.
• Analyze attacker behavior and intrusion activity to determine initial access, persistence mechanisms, privilege escalation, and lateral movement used during an incident.
• Recognize attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) and apply them to current and future investigations.
• Support development of detections, hunting queries, and investigative methodologies based on findings from incident response engagements.
• Assist in creating and revising standard operating procedures, policies, processes, playbooks, and technical reports.
• Develop and present comprehensive reports, trainings, and presentations for both technical and executive audiences.
• Provide post-incident recommendations and security improvement guidance to strengthen detection capabilities and reduce future attack risk.
• Maintain professional knowledge by attending conferences, reviewing publications, writing blog posts, or participating in industry events.
• Stay current on emerging threats, countermeasures, and security technologies.
• Write technical documents and investigative reports.
• Operate effectively in a fast-paced and collaborative environment.
• Work remotely, receive direction, and operate as a self-starter.

Benefits

• Binary Defense offers competitive medical, dental and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote friendly work environment, as well as training opportunities to expand your skill set (to name a few!).