Incident Response Analyst, Mid

Booz Allen Hamilton•Bethesda, MD

2d•$62,000 - $141,000

About The Position

The Opportunity: Serve as a key member of a 24x7x365 Security Operations Center and Incident Response team, responsible for continuous monitoring, detection, investigation, and response to cybersecurity threats across enterprise networks, endpoints, applications, and security platforms. Perform incident response activities, such as alert and incident triage, log and artifact analysis, threat identification, containment support, and incident documentation while leveraging SIEM, EDR, IDS/IPS, SOAR, and forensic tools to validate and escalate security events. Contribute to the development of incident response playbooks and standard operating procedures, conduct proactive threat hunting using behavioral analytics and threat intelligence, and support continuous monitoring and assessment efforts to identify risks and strengthen detection capabilities. Collaborate closely with federal stakeholders, communicate findings to technical and non‑technical audiences, and produce high‑quality reports and briefings, all while helping to advance the maturity and effectiveness of the organization’s security operations. You Have:

Requirements

2+ years of experience in a Security Operations Center (SOC) performing incident response activities, including event triage, log and artifact analysis, threat identification, incident documentation, and coordination of response actions
Experience analyzing and responding to security events across enterprise networks, endpoints, applications, and security platforms, such as SIEM, EDR, IDS/IPS, firewalls, and vulnerability management tools
Experience developing or contributing to incident response playbooks, workflows, or standard operating procedures
Experience with continuous monitoring and security assessment practices, including control evaluation and risk identification
Experience with security tools and investigative techniques used by SOC and incident response teams, such as packet analysis, log correlation, malware triage, and forensic imaging
Ability to communicate clearly with both technical and non-technical audiences
Ability to produce high‑quality incident reports, briefings, and technical documentation
Public Trust
Bachelor's degree

Nice To Haves

Experience with enterprise security technologies, including SOAR platforms, and digital forensics solutions
Experience conducting threat hunting activities, leveraging behavioral analytics, threat intelligence, and anomaly detection to identify emerging threats
Knowledge of cybersecurity principles, including network security, endpoint security, identity and access management, and secure configuration baselines
Knowledge of modern application and infrastructure security concepts, such as container security, API security, and workload protection
Ability to build strong client relationships, collaborate across teams, and communicate complex technical concepts in a clear manner
CISSP, CySA+, GCIH, GSEC, CISSP certifications

Responsibilities

continuous monitoring
detection
investigation
response to cybersecurity threats across enterprise networks, endpoints, applications, and security platforms
alert and incident triage
log and artifact analysis
threat identification
containment support
incident documentation
development of incident response playbooks and standard operating procedures
conduct proactive threat hunting using behavioral analytics and threat intelligence
support continuous monitoring and assessment efforts to identify risks and strengthen detection capabilities
Collaborate closely with federal stakeholders
communicate findings to technical and non‑technical audiences
produce high‑quality reports and briefings
advance the maturity and effectiveness of the organization’s security operations