INCIDENT RESPONSE CONSULTANT L1

About The Position

Requirements

• Linux and Windows Server administration fundamentals.
• Familiarity with cloud platforms (Azure, AWS, GCP) and their security services.
• Working knowledge of security tools: EDR, SIEM (Sentinel, Splunk, etc.), SOAR, and threat intelligence platforms.
• Understanding of networking fundamentals, TCP/IP, and common attack techniques.
• Ability to read and modify code (Python, PowerShell, KQL) for analysis and automation.
• Working knowledge of git version control including branching, commits, and pull request workflows.
• Proficiency with AI-assisted tools (Claude Code, GitHub Copilot, or equivalent) for accelerating security analysis and task automation.
• Understanding of AI/LLM security risks including prompt injection, data leakage, and model limitations.
• Ability to critically evaluate AI-generated outputs for accuracy and security implications.
• Willingness to adopt agentic AI workflows and AI-augmented tooling as part of daily security operations.
• Analytical mindset with ability to identify indicators of compromise and correlate events across data sources.
• Strong communication skills with ability to convey technical concepts to diverse audiences.
• Customer-focused with professional consulting demeanor.
• 1-3 years of experience in security operations, incident response, or security consulting. Prior SOC analyst or IR experience preferred.
• Required certifications within 12 months: Microsoft Azure Security Technologies (AZ-500), Microsoft Security Operations Analyst (SC-200), Microsoft Identity and Access Administrator (SC-300).

Nice To Haves

• Certifications preferred: Security+, CySA+, CEH.
• Associate’s or Bachelor’s Degree in Information Technology, Cybersecurity, or related field preferred.

Responsibilities

• Consult with customers on security events, providing analysis and recommendations for response actions tailored to their environment.
• Analyze security data across SIEM, EDR, and cloud platforms to identify threats and advise on appropriate countermeasures.
• Provide guidance to customers through the incident response lifecycle based on NIST 800-53 and SANS best practices.
• Investigate potential compromises and recommend remediation strategies appropriate to customer risk tolerance and business requirements.
• Advise customers on security best practices, control improvements, and risk mitigation approaches.
• Analyze emerging threats and vulnerabilities; provide recommendations on defensive measures.
• Document findings, recommendations, and consultation outcomes for customer delivery.
• Collaborate with senior consultants on complex engagements and escalate as appropriate.

Benefits

• Armor Offers A Strong Total Rewards Package Designed To Support Employees’ Health, Well-Being, And Financial Future. U.S. Team Members Enjoy Comprehensive Benefits Including Medical, Dental, And Vision Insurance, Life And Disability Coverage, Paid Time Off, And Professional Development Support. The Company’s Retirement Plan Includes A 401(K) With Employer Matching Contributions, Helping Employees Build Long-Term Savings As Part Of Their Financial Planning. Many Roles Also Offer Tuition Reimbursement And Work-Life Balance Perks Like Flexible Schedules And Remote Work Options.