Cybersecurity Incident Response Analyst REMOTE

Binary Defense

Job Location:

Houston, MS - USA

Monthly Salary: Not Disclosed
Posted on: 14 hours ago
Vacancies: 1 Vacancy

Job Summary

Full-time
Description


Binary Defense (BD) is seeking a talented Cybersecurity Incident Response Analyst to join our Analysis on Demand (AoD) team. This role focuses on hands-on investigation of cybersecurity incidents, threat hunting, and forensic analysis across endpoint, network, and cloud environments.


Position Overview


Serve as an Incident Response (IR) Analyst supporting the Analysis on Demand (AoD) team.

Drive client meetings to discuss incident scope, investigative findings, and response updates, while producing clear and detailed technical reports.

Conduct incident triage and verification, determine the scope of compromise, perform threat hunting, and provide containment and remediation recommendations to customers.

Serve as a primary responder and point of contact during incident response engagements, supporting forensic investigation, analysis, and resolution of security incidents.

Work directly with clients to perform investigations, forensically analyze systems, and identify attacker activity across enterprise environments.

Analyze compromised systems to determine attack vectors, persistence mechanisms, lateral movement, and attacker techniques.

Identify attacker tools, tactics, and procedures (TTPs) and understand evolving threat actor behaviors.

Follow industry incident response best practices for containment, eradication, and recovery.

This position focuses on hands-on investigation and incident response, not alert monitoring or tier-1 SOC duties.

Must be familiar with incident response best practices and procedures.

Must have Windows-based incident response and computer forensics experience.

Must be familiar with network analysis, memory analysis, and digital forensics investigations.

Must possess excellent verbal and written communication skills, including the ability to present findings and recommendations to technical teams and leadership.


Responsibilities


Communicate and collaborate with internal and customer teams to investigate and contain incidents for escalated security events and investigations.

Perform technical cybersecurity investigations, including root cause analysis, threat identification, and remediation guidance.

Conduct client-facing incident response engagements, examining endpoint, network, and cloud-based sources of evidence.

Schedule and lead video calls with clients for collaboration, investigation updates, and response coordination.

Perform host-based forensic analysis, including artifact analysis, memory analysis, log analysis, and timeline reconstruction.

Conduct enterprise-scale artifact collection and analysis to identify attacker activity, persistence mechanisms, and lateral movement across multiple systems.

Utilize Velociraptor artifacts and VQL (Velociraptor Query Language) to perform targeted endpoint investigations and collect forensic artifacts across enterprise environments.

Investigate attacker activity using endpoint telemetry, system artifacts, authentication logs, and network evidence to reconstruct attack timelines.

Analyze attacker behavior and intrusion activity to determine the initial access, persistence mechanisms, privilege escalation, and lateral movement used during an incident.

Recognize attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs), and apply them to current and future investigations.

Support development of detections, hunting queries, and investigative methodologies based on findings from incident response engagements.

Assist in creating and revising standard operating procedures, policies, processes, playbooks, and technical reports.

Develop and present comprehensive reports, trainings, and presentations for both technical and executive audiences.

Provide post-incident recommendations and security improvement guidance to strengthen detection capabilities and reduce future attack risk.

Maintain professional knowledge by attending conferences, reviewing publications, writing blog posts, or participating in industry events.

Stay current on emerging threats, countermeasures, and security technologies.

Write technical documents and investigative reports.

Operate effectively in a fast-paced and collaborative environment.

Work remotely, receive direction, and operate as a self-starter.

Requirements


Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field, or equivalent practical experience.

Certification in one or more of the following preferred: GCIH, GCFE, GCFA, GREM, GNFA.

Experience working within a Security Operations Center (SOC) or Incident Response team.

3-5 years of hands-on cybersecurity investigation experience, including host forensics, network forensics, threat hunting, or incident response.

Experience supporting incident response investigations, including analysis, containment, and remediation actions.

Demonstrated experience investigating active security incidents or confirmed compromises, including determining attack scope and identifying persistence mechanisms.

Experience performing host-based investigations using endpoint artifacts, logs, and forensic evidence to determine attacker activity and the timeline of compromise.

Experience analyzing systems across Windows, macOS, or Linux environments.

Experience working with enterprise security technologies, including EDR, SIEM, firewalls, IDS/IPS, vulnerability scanning, and network security tools.

Experience using digital forensics tools such as Volatility, Rekall, KAPE, Autopsy, or similar frameworks.

Experience working with SIEM platforms such as Splunk, Microsoft Sentinel, Devo, or Sumo Logic.

Experience working with EDR platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black, FortiXDR, or similar solutions.

Strong experience using SIFT Workstation or similar digital forensics platforms.

Demonstrated knowledge of the MITRE ATT&CK Framework.

Ability to communicate investigative findings and strategies to technical teams, executive leadership, internal teams, and clients.

Strong analytical and problem-solving skills.

Comfortable working multiple concurrent investigations and adapting investigative approaches as new evidence is discovered.

Strong time management skills to balance multiple investigations and priorities.

Ability to lead clients in strategic conversations with strong executive presence.

Must be a U.S. Citizen residing in the continental United States.


Preferred Knowledge, Skills, and Abilities


Master's degree in Cybersecurity, Computer Science, Information Systems, or a related field.

Experience with Python, PowerShell, Bash, or other scripting languages.

Build scripts, tools, or methodologies to enhance incident investigation processes.

Experience conducting cloud incident response investigations (AWS, Azure, or GCP).

Experience with macOS and Linux forensic investigations.

Experience working with SOAR platforms such as D3 Security, Cortex XSOAR, Cortex XSIAM, or similar security automation platforms.

Experience using Velociraptor for endpoint artifact collection, threat hunting, and forensic investigations.

Experience using IRIS for incident tracking, case management, and investigation coordination.


About Binary Defense


Binary Defense is a trusted leader in security operations, supporting companies of all sizes to proactively monitor, detect, and respond to cyberattacks. The company offers a personalized Open XDR approach to Managed Detection and Response, advanced Threat Hunting, Digital Risk Protection, Phishing Response, and Incident Response services, helping customers mature their security program efficiently and effectively based on their unique risks and business needs.


With a world-class 24/7 SOC, deep domain expertise in cyber, and sophisticated technology, hundreds of companies across every industry have entrusted Binary Defense to protect their business. Binary Defense gives companies actionable insights within minutes, not hours, the confidence in their program to be resilient to ever-changing threats, and the time back that matters most to their business.


Binary Defense is also the Trusted Cybersecurity Partner of the Cleveland Browns and partners with PGA TOUR players. For more information, visit our website, check out our blog, or follow us on LinkedIn.


Binary Defense offers competitive medical, dental, and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote-friendly work environment, as well as training opportunities to expand your skill set (to name a few!). If you're interested in joining a growing team with great perks, we encourage you to apply!


Required Experience:

IC

About Company

Binary Defense combines the right people, processes, and technologies to deliver world-class MDR across endpoint, network, cloud, and more.