Cybersecurity Incident Response Analyst (Job 3014737)
Category: Technology
Summary:
The Cybersecurity Incident Response Analyst will support the organization’s incident response capabilities by performing hands-on detection, analysis, and response activities, including authorized security testing and validation. This role works closely with the Incident Response Manager to execute the incident response strategy, validate security controls, and maintain the organization’s security posture.
Key Responsibilities:
- Monitor and triage security alerts from various detection tools and the Managed Detection and Response (MDR) platform to identify potential security incidents.
- Conduct initial analysis of security events and escalate potential incidents according to established procedures.
- Execute incident response procedures during all phases: detection, analysis, containment, eradication, and recovery.
- Perform authorized security testing activities:
  - Execute controlled penetration tests under supervision.
  - Validate security controls through authorized adversary emulation.
  - Perform security tool bypass testing to validate detection capabilities.
- Support red team exercises by:
  - Assisting in planning and scoping engagement scenarios.
  - Documenting findings and attack paths.
  - Testing blue team detection and response capabilities.
- Assist in purple team exercises to improve detection and response procedures.
- Document incident details, maintain case records, and assist in preparing incident reports and metrics.
- Support post-incident reviews by gathering relevant data and helping identify areas for improvement.
- Assist in testing and maintaining incident response procedures and playbooks.
- Help maintain and optimize security monitoring tools and detection rules.
- Participate in incident response training exercises and drills.
- Collaborate with other security teams and IT staff during security event and incident investigations.
- Support the MDR vendor relationship by tracking and documenting service delivery against the agreed scope.
Preferred Experience and Skills:
- 1-3 years of experience in cybersecurity, IT security, or related technical field.
- Hands-on experience with security monitoring and incident response tools.
- Familiarity with common attack techniques and incident response procedures.
- Hands-on experience with security tools such as EDR, SIEM, and network monitoring solutions.
- Experience with vulnerability scanning tools and methodologies.
- Understanding of offensive security concepts and attack frameworks such as MITRE ATT&CK.
- Strong analytical and problem-solving skills.
- Excellent documentation and technical writing abilities.
- Ability to work in a fast-paced environment and handle multiple priorities.
- Good communication skills and ability to work effectively in a team.
- Strong ethical standards and understanding of security testing boundaries.
Education:
- Bachelor’s degree in information technology, cybersecurity, computer science, or a related field.
- Equivalent combination of education and relevant experience may be considered.
Location:
- Boca Raton, Florida.