Senior Incident Response Analyst

2 weeks ago


New York, NY, United States Consolidated Edison Company of New York Full time

Overview

Con Edison is seeking a Senior Incident Response Analyst to build and expand our Incident Response capabilities. This position will work very closely with our Cybersecurity Operations Center (CSOC) and report directly to the Director, Cybersecurity Operations. The selected candidate will lead incident investigations, strengthen detection and response capabilities, expand our cloud security posture, and mentor SOC analysts. This role will focus on monitoring and analyzing alerts, performing advanced network and cloud investigations, guiding the SOC through the entire cyber kill chain, and driving continuous improvement across on-premises, cloud, and operational technology (OT) environments.

Responsibilities

Core Responsibilities
  • Investigate incidents from detection to resolution by rapidly assessing threats, determining impact, coordinating responses, collaborating with relevant teams, and managing incident response through all stages of the cyber kill chain.
  • Develop and maintain incident response playbooks and procedures to align with industry best practices and emerging threats, leveraging threat intelligence for enhanced detection and response.
  • Enhance and implement cloud-focused incident response processes, expand SOC capabilities, integrate cloud-native tools, and collaborate with engineering teams to strengthen and optimize detection, investigation, and response for AWS, Azure, and GCP environments.
  • Conduct thorough network and cloud investigations using logs, packet captures, and industry frameworks to identify attacker tactics and compromise indicators.
  • Lead post-incident reviews by documenting actions, performing root-cause analysis, identifying vulnerabilities, and continuously enhancing SOC detection and response processes.
  • Collaborate with SOC analysts and other teams to enhance investigative and triage skills, deliver ongoing training, and embed security best practices throughout the organization.

Qualifications

Required Education/Experience
  • Master's Degree and (2) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience, or
  • Bachelor's Degree and (3) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience, or
  • Associate's Degree and (4) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience.
Relevant Work Experience
  • Previous Digital Forensics/Incident Response experience, required.
  • Proficient in using known commercial and/or open-source incident response and forensic software, required.
  • Understanding of industry standard policies, processes, and procedures, required.
  • Understanding of chain of custody, required.
  • Previous experience creating timelines and completing a root cause analysis, required.
  • Proficiency in collecting and analyzing evidence and creating reports based on the findings for different stakeholders (Technical, Executive, etc.), required.
  • Knowledge of current and evolving cyber threat landscape, required.
  • Ability to handle multiple priorities effectively, required.
  • Experience in security monitoring, threat detection and handling real-world cyber incidents and stakeholders, required.
  • Hands-on experience with commercial and open-source cybersecurity tools, required.
  • Coordinating containment, eradication and recovery efforts for malware, phishing, ransomware, cloud, edge and other types of attacks, required.
  • Coordinating with stakeholders such as cyber and other business units during incidents, required.
  • Experience with providing updates during incidents to leadership and documenting incident reports, required.
  • Understanding of OT systems, protocols, and industrial control systems (ICS), preferred.
Skills and Abilities
  • Strong verbal communication and listening skills
  • Demonstrated written communication skills
  • Demonstrated analytical skills
  • Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.
Licenses and Certifications
  • Driver's License Required
  • Other: Relevant DFIR certifications such as GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar, preferred.
Additional Physical Demands
  • The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
  • Must be able and willing to travel within Company service territory, as needed.

