Binary Defense
Real people detecting real threats in real time.
Cybersecurity Incident Response Analyst
Location
Texas
Posted
14 hours ago
Salary
Not specified
Bachelor Degree3 yrs expExperience acceptedEnglishCyber SecurityFirewallsLinuxMac OSSplunk
Job Description
• Serve as an Incident Response (IR) Analyst supporting the Analysis on Demand (AoD) team.
• Drive client meetings to discuss incident scope, investigative findings, and response updates while producing clear and detailed technical reports.
• Conduct incident triage and verification, determine scope of compromise, perform threat hunting, and provide containment and remediation recommendations to customers.
• Serve as a primary responder and point of contact during incident response engagements, supporting forensic investigation, analysis, and resolution of security incidents.
• Work directly with clients to perform investigations, forensically analyze systems, and identify attacker activity across enterprise environments.
• Analyze compromised systems to determine attack vectors, persistence mechanisms, lateral movement, and attacker techniques.
• Identify attacker tools, tactics, and procedures (TTPs) and understand evolving threat actor behaviors.
• Follow industry incident response best practices for containment, eradication, and recovery.
• This position focuses on hands-on investigation and incident response, not alert monitoring or tier-1 SOC duties.
• Must be familiar with incident response best practices and procedures.
• Must have Windows-based incident response and computer forensics experience.
• Must be familiar with network analysis, memory analysis, and digital forensics investigations.
• Must possess excellent verbal and written communication skills, including the ability to present findings and recommendations to technical teams and leadership.
Job Requirements
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field, or equivalent practical experience.
- Certification in one or more of the following preferred: GCIH, GCFE, GCFA, GREM, GNFA
- 3–5+ years of hands-on cybersecurity investigation experience, including host forensics, network forensics, threat hunting, or incident response.
- Experience supporting incident response investigations including analysis, containment, and remediation actions.
- Demonstrated experience investigating active security incidents or confirmed compromises, including determining attack scope and identifying persistence mechanisms.
- Experience performing host-based investigations using endpoint artifacts, logs, and forensic evidence to determine attacker activity and timeline of compromise.
- Experience analyzing systems across Windows, macOS, or Linux environments.
- Experience working with enterprise security technologies including EDR, SIEM, firewalls, IDS/IPS, vulnerability scanning, and network security tools.
- Experience using digital forensics tools such as Volatility, Rekall, KAPE, Autopsy, or similar frameworks.
- Experience working with SIEM platforms such as Splunk, Microsoft Sentinel, Devo, or Sumo Logic.
- Experience working with EDR platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black, FortiXDR, or similar solutions.
- Strong experience using SIFT Workstation or similar digital forensics platforms.
- Demonstrated knowledge of the MITRE ATT&CK Framework.
- Ability to communicate investigative findings and strategies to technical teams, executive leadership, internal teams, and clients.
- Strong analytical and problem-solving skills.
- Comfortable working multiple concurrent investigations and adapting investigative approaches as new evidence is discovered.
- Strong time management skills to balance multiple investigations and priorities.
- Ability to lead clients in strategic conversations with strong executive presence.
- Must be a U.S. Citizen residing in the continental United States.
Benefits
- competitive medical, dental and vision coverage for employees and dependents
- 401k match which vests every payroll
- flexible and remote friendly work environment
- training opportunities to expand your skill set
