Cyber Incident Response Analyst

Expert In Recruitment Solutions

Austin, TX

JOB DETAILS
SKILLS
Analysis Skills, Case Management, Documentation, File Systems, Forensic Science, Hunting, IR (Infrared), Incident Management, Incident Response, Internet Security, Intrusion Detection Systems, Intrusion Prevention Systems, Leadership, Linux Operating System, Malware Analysis, Memory Hardware, Microsoft Windows Operating System, Network Monitoring, On Call, Reporting Skills, Security Information and Event Management (SIEM), Telecommunications, Telemetry
LOCATION
Austin, TX
POSTED
18 days ago
Title: Cyber Incident Response Analyst.
Location: Austin OR San, Antonio, TX - Hybrid


Candidates must reside withinAustin OR San, Antonio, TX.

Responsibilities:
·Perform advanced incident response across Windows and Linux environments, including triage, containment, eradication, and recovery.
·Conduct host-based forensics, including log analysis, memory capture, file system review, and malware behavior analysis.
·Serve as Incident Commander during cybersecurity events, coordinating actions, documenting decisions, and communicating with leadership and affected agencies.
·Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings to MITRE Telecommunication&CK.
·Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring tools.
·Produce incident reports, timelines, and executive summaries for statewide stakeholders.
·Support multi-agency response operations, including SLTT partners and critical infrastructure entities.
·Provide recommendations for detection improvements, hardening, and long-term mitigation.
·Participate in post-incident reviews, lessons learned, and playbook updates.
·Maintain readiness for 24x7 response through on-call rotation or surge support.

Qualifications:
Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
YearsRequired/PreferredExperience
5RequiredAdvanced host based forensics across Windows and Linux, including memory, disk, and malware analysis, using telemetry from NetWitness, Gravwell, Google SecOps, and Corelight to validate findings and reconstruct attacker activity.
5RequiredAbility to correlate host, network, and intelligence data from CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and NetWitness to build complete incident timelines.
5RequiredExperience producing high quality incident reports and executive summaries using evidence collected from Gravwell, NetWitness, Corelight, and case management workflows.
4RequiredStrong understanding of adversary TTPs, intrusion kill chains, and threat hunting methodologies using packet level and log level data from but not limited to Corelight, NetWitness, and CRIBL pipelines.
3RequiredIncident Commander experience
1RequiredExperience supporting SLTT or critical infrastructure environments, including multi tenant IR operations and cross agency coordination.
5PreferredProficiency with threat intelligence platforms, including Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant, to enrich investigations, validate indicators, and map activity to MITRE Telecommunication&CK.
5PreferredHands on experience using Cyware CSAP for incident orchestration, automated enrichment, case creation, and workflow execution across SIEM, IPS, EDR, and ticketing systems.
4PreferredSecurity Certifications Preferred (CISSP, CIH, Sec+)


About the Company

E

Expert In Recruitment Solutions