Cyber Incident Response Analyst

Job Title: Incident Response & Preparedness (IRP) Engineer

Location: Remote

Employment Type: Full-Time / Contract

Department: Cybersecurity / Security Operations / GRC

Position Overview

The Incident Response & Preparedness (IRP) Engineer will lead the design, development, and operational readiness of the organization's incident response program, processes, tooling, and playbooks. This role ensures the organization can rapidly detect, contain, eradicate, and recover from cyber threats through well-documented, repeatable, and measurable processes aligned to security and compliance frameworks.

The ideal candidate has strong hands-on security operations experience, understands modern threat vectors, can develop and execute tabletop exercises, and can transform policy and governance requirements into operational technical workflows.

Key Responsibilities Incident Response Strategy & Operations

• Develop, maintain, and continuously improve the Incident Response Plan (IRP), runbooks, and playbooks.
• Lead incident investigation efforts covering triage, containment, eradication, and recovery.
• Perform forensic analysis, log correlation, threat hunting, and root-cause analysis (RCA).
• Conduct regular tabletop and scenario-based simulation exercises with internal & external teams.
• Define incident metrics, KPIs, SLAs, and reporting for leadership and audit committees.

Threat Detection & Monitoring

• Collaborate with SOC, SIEM, SOAR, and threat intel teams to enhance detection & automation.
• Tune alerting logic, use cases, dashboards, and data retention standards.
• Integrate threat intelligence feeds and develop actionable response patterns.

Governance, Compliance & Documentation

• Ensure IRP is aligned to NIST 800-61, ISO 27035, CIS, NIST CSF, Zero-Trust, and regulatory requirements (PCI, HIPAA, CJIS, FISMA, CMMC, etc.).
• Maintain evidence artifacts for audits, investigations, post-incident reporting, and legal requirements.
• Partner with GRC, Risk, IT Operations, and Compliance functions to ensure enterprise readiness.

Training & Awareness

• Deliver cybersecurity awareness and specialized IR training for technical and non-technical teams.
• Develop maturity assessment roadmaps using recognized frameworks (CSF, C2M2, CERT-RMM, etc.).

Required Skills & Qualifications

• Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, or related field OR equivalent experience.
• 5+ years of direct experience in SOC, IR, Threat Detection, Security Engineering, or Blue Team roles.
• Strong experience with SIEM/SOAR platforms (Splunk, Sentinel, QRadar, ArcSight, Chronicle, Cortex XSOAR, etc.).
• Experience performing digital forensics using tools such as EnCase, FTK, Velociraptor, X-Ways, KAPE, Magnet AXIOM.
• Knowledge of network security, malware analysis, endpoint security, cloud security, and identity security.
• Familiarity with MITRE ATT&CK, D3FEND, and cyber kill chain methodology.

Preferred / Bonus Qualifications

• Certifications such as: GCIH, GCIA, GCFA, GNFA, CEH, CHFI, CCSP, CISSP, CISM, CySA+, Azure SC-200, AWS Security-Specialty, ISO Lead Implementer, CMMC-PA/PI.
• Experience with Zero Trust, EDR tools (CrowdStrike, Carbon Black, Defender ATP, SentinelOne), and XDR.
• Experience in regulated environments (DoD, Public Sector, Healthcare, Finance, FedRAMP, CJIS).

Soft Skills

• Strong analytical and problem-solving skills.
• Ability to remain calm under pressure.
• Excellent documentation, communication, and presentation skills.
• Ability to influence cross-functional teams with diplomacy and authority.

Success Metrics

• Incident containment mean time (MTTC) reduction.
• Mean time to detect (MTTD) and mean time to respond (MTTR) improvements.
• Successful completion of annual IR testing & regulatory audit readiness.
• Maturity level advancement across people, process, and technology.

Job Types: Full-time, Permanent, Contract

Pay: $ $60.00 per hour

Expected hours: 40 per week

Work Location: Remote