GPS - Incident Response Analyst - Associate

EY•Atlanta, GA

19h•Hybrid

About The Position

As an Incident Response Analyst – Associate, you will support security incident response efforts related to information security events or incidents stemming from suspected internal or external threats. This role focuses on executing defined incident response tasks under guidance while gaining hands-on experience supporting new and evolving enclave security processes. The role provides exposure to multiple security domains and an opportunity to grow technical and investigative skills within a structured incident response program. The Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes. The GPS Technology Organization implements and maintains a new operating and technology model designed specifically to support U.S. defense and Government engagements.

Requirements

Bachelor’s Degree in Computer Science, Cybersecurity, Computer Engineering or related field; or equivalent relevant experience
0–2 years of relevant experience or internships in cybersecurity, incident response, or digital forensics
Foundational understanding of Windows operating systems
Basic understanding of SaaS, PaaS, and IaaS cloud concepts
Familiarity with evidence handling procedures and chain-of-custody principles
Understanding of common cyber-attack techniques and MITRE ATT&CK framework
Ability to work collaboratively across physical and virtual locations
Action-oriented with a proactive approach to learning and problem solving
Ability to operate in high-security, least-privilege environments
Ability to obtain and maintain a Top Secret Security Clearance

Nice To Haves

Exposure to Microsoft Azure and Microsoft 365 environments
Basic familiarity with PowerShell or another scripting language
Introductory experience supporting cloud or endpoint security operations
Awareness of NIST 800-171 and CMMC security concepts
Entry-level certifications such as AZ-900, Security+, or equivalent

Responsibilities

Assist with acquisition and collection of computer artifacts (e.g., malware, system/user logs, data artifacts) in support of Cyber Defense engagements
Support triage of system assets and assist in determining evidentiary value
Assist with correlating forensic findings to network events
Collect and document system state information (e.g., running processes, network connections)
Support forensic triage activities to help determine scope, urgency, and potential impact
Track and document forensic analysis activities under supervision
Assist with collection, processing, preservation, analysis, and presentation of computer-related evidence while maintaining chain-of-custody requirements
Support coordination efforts with GPS Enclave staff to validate and investigate alerts
Assist with tuning and building alerts and analytics within SIEM platforms
Support Vulnerability Management and DLP solution activities by assisting with validation and documentation
Participate in developing and maintaining incident response procedures and documentation
Assist with analysis of forensic images and contribute to forensic write-ups
Support documentation and publication of Computer Network Defense (CND) guidance and reports