Salary is 140k to 160k + bonus
We are seeking a senior-level Incident Response Analyst to join our Cybersecurity team. This role is responsible for conducting end-to-end investigations, triaging security events, analyzing complex logs, and driving incidents from detection through resolution. The ideal candidate brings strong technical expertise in networking, systems, cloud environments, and security playbooks, with hands-on experience performing investigations within an Incident Response or Cyber Defense team.
You will work closely with internal teams to enhance detection capabilities, improve incident workflows, and strengthen the overall security posture. This is a hands-on, investigative role requiring strong analytical skills, technical troubleshooting, and the ability to remain calm and decisive during high-pressure security events.
Key Responsibilities
• Triage, investigate, and fully resolve security incidents from initial discovery through closure.
• Analyze logs and correlate data across large datasets to identify malicious activity, anomalies, and root causes.
• Follow and contribute to improving cybersecurity playbooks within tools such as Splunk for detection, investigation, and response.
• Conduct deep-dive investigations across networks, endpoints, firewalls, cloud environments, and applications.
• Apply strong networking knowledge (firewalls, routing, switching, TCP/IP) during investigations.
• Review, interpret, and troubleshoot scripts (PowerShell, Python) used for detection and automation.
• Collaborate with engineering, cloud, and security teams to harden systems, identify gaps, and improve overall security.
• Manage individual investigations and security projects independently with minimal oversight.
• Participate in the on-call rotation for offline incident support.
• Contribute technical insights to enhance detection logic, IR processes, and security controls.
Required Qualifications
• Senior-level hands-on experience in incident response or DFIR investigations.
• Strong technical expertise in incident response, security operations, and investigative workflows.
• Deep understanding of networking fundamentals: firewalls, routing, switching, TCP/IP.
• Experience investigating incidents in cloud environments (any major cloud provider).
• Ability to triage, analyze, and resolve incidents independently.
• Strong knowledge of log analysis and correlation across large or complex environments.
• Ability to read and understand scripting languages such as PowerShell or Python.
• Experience working with security playbooks and IR workflows (Splunk preferred).
• Strong analytical, problem-solving, and communication skills.
Preferred Qualifications
• Experience with SIEM platforms (Splunk, Sentinel, QRadar, Elastic).
• Familiarity with EDR/XDR tools, firewalls, and cloud-native security services.
• Incident response-focused certifications (GCIH, GCFA, GNFA, or similar) are a plus.