Incident Response Analyst

Trend Micro•Irving, TX

3d•Hybrid

About The Position

In this role, you're not just responding to breaches. You're the person customers rely on when it matters most. You'll build trusted relationships with enterprise customers, translate complex threat data into intelligence that drives decisions, and lead organisations through their most critical security moments with clarity and control. Working alongside AI systems that accelerate your investigative capabilities, you'll compress detection times from hours to minutes and deliver insights that turn incidents into lasting security improvements. Every forensic analysis you conduct, every malware sample you dissect, and every recommendation you make leaves customers measurably harder to compromise than before you arrived. As an Incident Response Analyst, you'll investigate sophisticated security breaches, lead containment under pressure and become the person enterprise customers trust when everything is on the line. You'll be the critical link between TrendAI Vision One™ and customer recovery, operating across global threat operations where seconds matter, relationships are everything and AI amplifies what you're already capable of. You will also play an active role in shaping how AI transforms incident response. That means contributing to automation initiatives, stress-testing AI-driven workflows and helping define how our analysts and AI systems work together to respond faster, investigate deeper and protect more effectively at scale. The analysts who join us now are not just using the tools. They are helping build them.

Requirements

Bachelor's degree in Computer Science, Cybersecurity, Information Security, or related field
3+ years in security operations with demonstrated expertise in: Incident response and forensics; Malware analysis and threat investigation; SOC operations or security monitoring.
AI in Practice: Familiarity with how AI and automation are reshaping incident response workflows, from alert triage to forensic analysis. Curiosity about where it's going matters as much as where you are today.
OS & Network Forensics: Advanced Windows and Linux forensics (registry, event logs, artifacts, filesystem analysis).
Forensics Tools: SIFT Workstation, WinPMEM, dd/dclfdd, Autopsy, Volatility Framework, FTK Imagerm Wireshark, Bro/SiLK, Netflow, tcpdump – or similar OS/Network Tools.
Log Analysis & Correlation: SIEM platforms, syslog analysis, event correlation procedures
Malware analysis: Static and dynamic analysis techniques.
Threat Intelligence: Understand threat actor TTPs and MITRE ATT&CK framework alignment; contribute to organizational threat intelligence. Leverage threat intelligence platforms.
TrendAI familiarity: Working knowledge of the Vision One platform or equivalent threat intelligence/XDR platforms.
Strong written and verbal communication, ability to translate complex forensic findings for technical and executive audiences.
Self-directed learner with aptitude for rapidly mastering new tools and threat landscapes.
Comfortable working under pressure; thrives in fast-paced, high-stakes environments.
Ability to work 24/7 rotating shifts, including nights, weekends, and holidays.
Willing to travel when required.
Strong analytical and problem-solving skills with ability to work effectively in a global team environment.
Comfortable speaking to customer via e-mail, chat and phone.

Nice To Haves

GCIH (GIAC Certified Incident Handler).
GCFA / GCFE (GIAC Certified Forensic Analyst / Examiner).
CISSP or OSCP.

Responsibilities

Forensic Investigation: Conduct root cause analysis of security breaches; determine attack vectors, scope and business impact with precision and accountability.
Incident Response: Lead containment and threat eradication using TrendAI Vision One™, coordinating across internal teams and customer stakeholders from first alert to resolution.
Threat Analysis & Detection: Analyze malware and threat components; develop and refine detection rules; generate threat intelligence and IoCs.
Customer Reporting: Create executive-ready incident reports; deliver briefings to stakeholders; recommend security improvements.
Proactive Threat Operations: Hunt for advanced threat indicators across customer networks; improve detection logic and fidelity.
AI Orchestration: Contribute to automation and AI initiatives that compress response times, reduce analyst burden, and sharpen the overall quality of MDR delivery.