Building. Solving. Serving.
Senior Incident Response Analyst
Location
United States
Posted
6 hours ago
Salary
$160K - $170K / year
Seniority
Senior
Job Description
Senior Incident Response Analyst
Cherokee Federal
• Investigate, triage, analyze, contain, eradicate, and support recovery activities for cybersecurity incidents across enterprise and cloud environments. • Perform detailed analysis of security events generated by SIEM, EDR/XDR, IDS/IPS, cloud-native security tools, and endpoint technologies. • Collaborate with Security Operations and Splunk Detection Engineering teams to improve detection content, tune alerts, reduce false positives, and enhance detection effectiveness. • Conduct proactive threat hunting using threat intelligence, behavioral analytics, and MITRE ATT&CK techniques. • Perform root cause analysis and recommend corrective and preventive actions. • Document investigation findings, incident timelines, lessons learned, and technical reports. • Assist in developing and maintaining Incident Response playbooks, SOPs, and workflows. • Support digital evidence collection and basic forensic activities while maintaining chain of custody. • Participate in security assessments, architecture reviews, tabletop exercises, phishing simulations, and readiness activities. • Support security reviews of IT systems, applications, and cloud services. • Assist with cybersecurity policies, standards, and operational procedures. • Collaborate with Cloud Security, Vulnerability Management, Infrastructure, and Application teams. • Monitor incident metrics and contribute to operational reporting. • Stay current on emerging threats and industry best practices. • Performs other job-related duties as assigned.
Job Requirements
- 5+ years of cybersecurity experience with at least 3 years in Incident Response, Security Operations, Threat Hunting, or Detection Engineering.
- Hands-on experience investigating Windows, Linux, cloud, identity, and network incidents.
- Experience with SIEM platforms such as Splunk ES, Microsoft Sentinel, QRadar, or similar.
- Experience with EDR/XDR platforms such as Microsoft Defender, CrowdStrike, SentinelOne, or similar.
- Knowledge of AWS GuardDuty, Security Hub, Azure Defender, or equivalent cloud security tools.
- Strong understanding of MITRE ATT&CK and the incident response lifecycle.
- Experience with log analysis, malware triage, threat hunting, and root cause analysis.
- Strong written and verbal communication skills.
- Ability to thrive in a fast-paced operational environment.
- Experience with Splunk Enterprise Security correlation searches and detection tuning preferred.
- Familiarity with Splunk SOAR or similar orchestration platforms preferred.
- Experience supporting phishing investigations and tabletop exercises preferred.
- Knowledge of FISMA, FedRAMP, NIST RMF, NIST 800-61, and NIST CSF preferred.
- Python or PowerShell scripting experience preferred.
- GCIH, GCIA, GCFA, CISSP, Security+, CySA+, or CEH certifications preferred.
- Must be eligible to obtain and maintain a Public Trust.
- Past applicable job experience may include, but is not limited to: Incident Response Analyst, Cybersecurity Analyst, Security Operations Center (SOC) Analyst, Threat Hunter, Detection Engineer, and Cyber Incident Responder.
- Must pass pre-employment qualifications of Cherokee Federal.
Benefits
- Medical
- Dental
- Vision
- 401K
- Other possible benefits as provided. Benefits are subject to change with or without notice.
Related Guides
Related Categories
Related Job Pages
More Incident Response Analyst Jobs
Personal Emergency Response Associate
Connect AmericaEmpowering aging and vulnerable populations to age gracefully at home with AI-enabled digital health and safety platform
Role Description To answer incoming telephone calls and alarms from elderly and medically at-risk individuals, referred to as Subscribers, and triage their needs with designated responders, including non-emergency and emergency responders, to obtain the appropriate level of assistance in a timely manner. - Respond to incoming calls and alarms by identifying the type of help required and coordinating timely and appropriate assistance according to established protocols and procedures. - Ensure that all customer interactions are conducted in a professional and caring manner resulting in a high level of customer service. - Obtain requested revisions to Subscriber data and ensure updates are accurately entered into the appropriate data management system, Mastermind. - Perform off-phone tasks as required, including call back queue work, in accordance with established protocols. - Troubleshoot maintenance alarms, when applicable, and home communicator issues to help ensure the Subscriber’s service remains functional and uninterrupted. - Meet departmental standards for after-call work, average handle time, and case quality. - Adhere to all company and departmental policies and practices. - Ensure that all required training is completed within expected timeframes. - Demonstrate behaviors that contribute to a productive, supportive, and caring work environment. Qualifications - High school diploma or equivalent required; GED evidence required. - Call center or customer service experience. Professional and courteous telephone manner. - Fluency in English with excellent verbal communication skills. - Proficient computer and Microsoft Windows skills, including the ability to navigate multiple systems, use standard office applications, enter information accurately, and troubleshoot routine technology issues with minimal assistance. - Deep compassion and empathy for elderly and medically at-risk individuals is highly desirable. - Ability to handle routine and repetitive tasks at a varying pace. - Ability to maintain composure in stressful situations. - Satisfactory completion of all required pre-employment screenings, including background check, drug test, CORI check, and fingerprinting. Requirements - For remote positions, a professional work environment that includes a quiet, distraction-free workspace, a private area to ensure confidentiality and security when handling sensitive information, and reliable internet access to support seamless communication and work activities. - The company will provide the necessary equipment required for employees to perform their job duties. - Employees are responsible for maintaining company-provided equipment in good working condition, using it appropriately, and promptly reporting any issues, damage, or malfunction. - Employees must also provide and maintain a reliable high-speed internet connection that meets company-defined requirements. - Proof of internet speed meeting company standards is required prior to hire and may be revalidated as needed to ensure ongoing performance and service reliability. - Remote employees must perform all work from within the United States 100% of the time. - Any long-term relocation between states must be reviewed and approved by the company in advance. Benefits - Part-Time Morning Shift (Flexible Scheduling) - This posting represents multiple Part-Time Morning Shift openings. Available schedules may vary. - Candidates will work with the hiring manager during the interview process to review available schedules across the week and determine the best fit based on operational needs and availability.
Role Description We are seeking a Senior Cyber Incident Response Engineer to design, automate, integrate, and continuously improve the technical systems, workflows, and tooling used to detect, investigate, contain, and recover from cybersecurity incidents. This role combines hands-on response engineering with incident readiness and operational improvement, helping ensure responders have the automation, telemetry, access, and processes needed to act quickly and effectively. The ideal candidate brings strong incident response and DFIR expertise, practical engineering skill, and the ability to turn repeated operational pain points into scalable, reliable capabilities that improve response quality and reduce time to action. - Design, build, and improve automated evidence collection capabilities that increase the speed, consistency, and completeness of incident investigations. - Create and maintain SOAR playbooks that orchestrate investigation, enrichment, containment, notification, and recovery workflows. - Integrate SIEM, EDR, IAM, cloud, email, case management, and threat intelligence platforms to enable unified response actions and stronger analyst context. - Develop and deploy response tooling that may utilize AI to improve response capabilities across cloud, endpoint, identity, SaaS, email, and data platforms. - Develop scripts, tools, and integrations that support triage, containment, enrichment, forensic collection, and operational response workflows. - Ensure responders have the logs, telemetry, access, and tooling needed to investigate and respond without unnecessary delay. - Build dashboards, operational views, and incident metrics that measure response performance, workflow health, and process effectiveness. - Identify repeated manual analyst tasks and turn them into safe, scalable, and repeatable automation. - Review incident response plans, identify readiness gaps, and help develop practical strategies to improve preparedness. - Design and optimize incident response playbooks aligned to relevant threats, operating models, and business needs to allow for quick identification and response to potential incidents. - Collaborate with Response Operations and Automation team stakeholders for prioritization, automation creation, and integrations with security tooling. - Facilitate or support tabletop exercises, drills, and readiness activities to validate plans and improve operational performance. - Lead or support complex investigations involving host, network, identity, email, and cloud artifacts to determine nature, scope, and root cause. - Partner with cross-functional teams to guide containment, remediation, recovery, and post-incident improvement activities. - Brief technical teams and leadership on findings, risks, recommendations, and response decisions during and after incidents. - Contribute to incident response standards, methodologies, documentation, and internal knowledge sharing. - Participate in an incident response on-call rotation, including weekend coverage, as required. Qualifications - 5+ years of relevant cybersecurity experience in either incident response, DFIR, detection engineering, threat hunting, and or SOC escalation. - 2+ years of security automation / cyber defense engineering. - Strong proficiency with Python, PowerShell, Bash, or similar scripting languages used for automation and response engineering. - Ability to lead projects with little guidance, and strong communication. - Knowledge of SIEM, SOAR, EDR, Data Lake, and enterprise security tooling and methodologies. - Experience handling security incidents and investigating a multitude of cyber threats with various TTPs across multiple enterprise platforms. - Experience building and maintaining API integrations across security and enterprise platforms. - Working knowledge of SIEM query languages such as SPL, KQL, SQL, or equivalent analytics languages. - Experience with EDR response actions, investigation workflows, and endpoint containment techniques. - Experience designing, building, or operating SOAR platforms and automated playbooks. - Strong understanding of endpoint, identity, network, cloud, email, and SaaS telemetry, including logging, evidence collection, and containment actions across modern environments. - Experience collecting and using forensic artifacts to support investigations across endpoints, identities, cloud services, email, or SaaS platforms. - Ability to design for scale, repeatability, automation, reliability, and reduced response time in a production security environment. - Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, Digital Forensics, or a related field, or equivalent practical experience. Requirements - 7+ years of relevant cybersecurity or security operations experience. - Demonstrated ownership of incident response engineering, automation, forensic collection, containment workflows, or large-scale security operations improvements. - Experience conducting threat intelligence, threat detection, malware analysis, or forensic analysis in security incidents as a team. - Experience building and leveraging AI-assisted tooling in investigation or triage workflows for a large, distributed enterprise environment. - Experience integrating case management, email security, identity platforms, cloud services, and threat intelligence into response workflows. - Experience building analyst-facing dashboards, metrics, and reporting that show operational health and response effectiveness. - Strong understanding of cloud technologies, AI agents, and LLMs. - Familiarity with secure automation guardrails, approval models, and change control for containment actions. - Experience with detection engineering and the operationalization of alerts, enrichments, and response workflows. - Experience improving responder access to logs, telemetry, and investigative tooling across multiple security domains. - Relevant certifications are preferred rather than required. Preferred certifications may include GCIH, GCFA, GCFE, GNFA, EnCE, CFCE, GCIA, GSEC, CySA+, Blue Team Level 2, AWS Security Specialty, Azure Security Engineer, Google Cloud Security Engineer, CISSP, CISM, GPEN, OSCP, or PNPT. Benefits - This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. - Salary range: $140,000 - $175,000 (bonus eligible). Additional Requirements - This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.
• Efficiently manages reconstruction portion of loss for insurance carrier and expedite closure of files • Regular communication and active file management throughout the reconstruction process • Evaluates extent of reconstruction needed and discusses the reconstruction process with the insured • Review loss and coverage information and determine if the loss will be within policy limits • Verifies status of files with Insurance Carrier • Works in partnership with assigned contractor • Communicates with customer to recommend reserve amount based on exposure
• Assist with investigative and forensic analysis across endpoints, network logs, and cloud telemetry under the direction of senior analysts • Support containment and response actions to neutralize active threats as directed by Incident Advisors or Senior Analysts • Triage and review alerts, indicators of compromise (IOCs), artifacts, and telemetry, escalating findings to senior analysts to help determine scope and root cause • Maintain clear and accurate engagement documentation, including trailheads, timelines, and playbooks • Develop incident response skills through hands-on engagements while following CIRT investigative and documentation standards • Contribute technical findings and summaries to support customer updates and post-incident reports • Identify and communicate detection or response gaps observed during investigations • Participate in shift handovers, debriefs, and post-incident reviews to ensure engagement continuity • Maintain accurate time and activity tracking to support operational visibility and service improvement




