Cyber Incident Response System Analyst

Overview

Responsibilities

• Monitor and analyze security alerts from multiple sources (SIEM, EDR, network tools) to identify potential incidents.
• Assist in investigating and responding to cybersecurity incidents, following established playbooks and procedures.
• Escalate complex incidents to senior analysts and work with them to coordinate containment, eradication, and recovery actions.
• Maintain accurate incident records, timelines, and evidence for each investigation.
• Contribute to updating incident response procedures and playbooks as threats evolve.
• Support investigations in cloud and network environments using logs, packet captures, and threat intelligence sources.
• Identify potential indicators of compromise and collaborate with other teams to validate findings.
• Participate in postincident reviews to capture lessons learned and suggest improvements to detection and response processes.
• Assist in implementing recommendations to strengthen security controls.
• Work closely with SOC analysts, threat hunters, and engineers to build investigative and analytical skills.
• Stay current with emerging threats, attack techniques, and industry best practices to enhance response capabilities.

Qualifications

• Bachelor's Degree in computer Science or related field and 2 years of work experience in Cyber or in an IT related field. or
• Associate's Degree in computer science or related field and 4 years of relevant work experience, with at least 2 years of work experience in an IT field or
• High School Diploma/GED and 5 years of relevant work experience, with at least 3 years of work experience in an IT field.

• Prior Cybersecurity experience, required.
• Knowledge in using known commercial and/or open-source cyber tools, required.
• Understanding of industry standard policies, processes, and procedures, required.
• Understanding of chain of custody, required.
• Previous experience creating timelines and completing a root cause analysis, required.
• Proficiency in collecting, analyzing the evidence collected and creating reports based on the findings to different stakeholders: (Technical, Executive, etc.), required.
• Knowledge of current and evolving cyber threat landscape, required.
• Ability to remain agile and work in a fast-paced environment, required.
• Ability to handle multiple priorities effectively, required.
• Understanding of OT systems, protocols, and industrial control systems (ICS), Preferred.
• Certifications such as CompTIA Security+, CySA+, GSEC, or other entry/midlevel cybersecurity credentials, preferred.
• Familiarity with SIEM tools, EDR platforms, and network monitoring systems, preferred.
• Basic experience with scripting languages (Python, PowerShell) to automate simple tasks, preferred.
• Understanding of cloud environments (AWS, Azure, or GCP) and basic cloud security principles, preferred.
• Strong analytical thinking, attention to detail, and willingness to learn advanced incident response techniques, preferred.

• Well organized, detail oriented and flexible to handle multiple assignments
• Demonstrated analytical skills
• Demonstrated written communication skills
• Possesses flexibility to work in a fast paced, dynamic environment

• Driver's License Required

• Sit or stand to answer a phone for the duration of the workday
• Sit or stand to use a keyboard, mouse, and computer for the duration of the workday
• Ability to read small print and symbols

• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.