Incident Response Analyst

General Summary of Job Responsibilities

The Incident Response Analyst provides rapid response to cyber security incidents, including identification, analysis, containment, eradication, and recovery activities within the greater Cyber Security Incident Response (CSIRT) and Fusion Center teams. This person will manage detections within security platforms, leveraging Cyber Threat Intelligence (CTI), log data from systems, network devices, and security tools. The Intermediate Incident Response Analyst will also create and maintain process documentation and perform independent threat hunting activities leveraging CTI data. Team members will also support regulatory requirements through evidence gathering and reports detailing security controls within the corporate and Operational Technology (OT) networks.

Essential Duties and Responsibilities

• Performs identification, analysis, containment, eradication, and recovery of security incidents triggered by security platforms and escalated by associate incident response analysts and the Security Monitoring team.
• Researches and analyzes large amounts of structured and unstructured data from internal Cyber Threat Intelligence (CTI), open source intelligence (OSINT), and internal security tooling to develop detection rules and support incident response activities.
• Supports audit and regulatory compliance efforts by gathering evidence of security control implementation, documenting existing security controls, and preparing reports to fulfill audit requests.
• Executes structured, documented threat hunting activities to identify risky or malicious behavior occurring within the network. Triaging and classifying any results for additional analysis
• Routinely develop and update incident response documentation, playbooks, and process to ensure Incident Response team activities align with best practices, minimize gaps in response, and provide comprehensive mitigation of threats
• Develops and maintains automation for routine tasks via SOAR platforms and scripting (e.g., PowerShell, Python)
• Create, update, and monitor key performance indicators and metrics leveraging PowerBI and Excel.
• Other duties as assigned or may be necessary

Knowledge/Skills/Abilities

• Knowledge of the tools, methodologies, and techniques for identifying, prioritizing, and classifying cyber incidents, especially NIST 80053 or SANS incident handling frameworks.
• Understanding of network security architecture concepts, including topology, protocols, components, and principles.
• Knowledge of system and application security threats and vulnerabilities.
• Skilled with standard security tools (SIEM, EDR, IDS)
• Able to participate in after-hours incident response, including weekly 24x7 on-call rotation.
• Able to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) for risk assessment, investigation, and response.
• Able to work both independently and within a team under minimal supervision.
• Able to work in a team-based environment
• Working knowledge of one or more scripting/programming languages (PowerShell, Python, C#)

Education & Experience

• Bachelor's Degree in Security, Computer Science, or related field with 2 years in One or more of the following: Incident response, digital forensics, threat hunting, detection engineering, security engineering OR
• Associate's Degree in Security, Computer Science, or related field with 4 years in Two or more of the following: Incident response, digital forensics, threat hunting, detection engineering, security engineering OR
• High School Diploma or GED with 6 years in following: Incident response, digital forensics, threat hunting, detection engineering, security engineering.