Incident Response Analyst

Come join Deepwatchs team of world-class cybersecurity professionals and the brightest minds in the industry. If youre ready to challenge yourself with work that matters then this is the place for you. Were redefining cybersecurity as one of the fastest growing companies in the U.S. and we have a blast doing it!

Who We Are

Our core values drive everything we do at Deepwatch including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch every decision process and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values we create a culture of excellence that is dedicated to empowering our team members to explore their potential expand their skill sets and achieve their career aspirations which is supported by our unique annual professional development benefit.

Deepwatch recognition includes:

• and 2021 Great Place to Work Certified
• 2024 Military Times Best for Vets Employers
• 2024 US Department of Labor Hire Vets Gold Award
• 2024 Forbes Americas Best Startup Employers
• 2024 Cyber Defense Magazine Global Infosec Awards
• 2023 and 2022 Fortress Cybersecurity Award
• 2023 $180M Series C investment from Springcoast Capital Partners Splunk Ventures and Vista Credit Partners of Vista Equity Partners
• 2022 Cybersecurity Excellence Award for MDR

Incident Response Analyst

Location: HybridTampa FL / Remote

While proximity to Tampa is preferred to support a hybrid schedule in our Tampa Center of Excellence were open to remote candidates who can support the Eastern Time Zone.

Reporting to the Manager of Adversary Response the Incident Response Analyst operates on the front lines of active cyber conflictdefending organizations against sophisticated real-world adversaries. This is a mission-critical role for practitioners who thrive in high-pressure environments and are driven to outpace outthink and disrupt advanced threat actors.
As a primary responder during live incident engagements you will lead hands-on investigations into complex intrusions leveraging advanced EDR and detection platforms to trace attacker behavior contain threats in real time and eradicate adversary presence at its source.
This role demands sharp analytical instincts technical depth and a relentless curiositypaired with the discipline to execute under pressure. You wont just respond to incidents; youll play a key role in defending critical environments strengthening resilience and raising the bar against an ever-evolving threat landscape.

In this role youll get to:

• Lead end-to-end incident response engagements within customer environments driving rapid investigation containment and remediation of active threats
• Conduct deep-dive forensic and malware analysis to uncover adversary tactics techniques and procedures (TTPs) translating findings into actionable intelligence
• Proactively hunt for advanced threats through hypothesis-driven threat hunting across diverse data sources and telemetry
• Triage and validate suspicious activity using a combination of open-source intelligence (OSINT) proprietary intelligence and behavioral analysis
• Own the documentation of incidents ensuring clear defensible reporting and timeline reconstruction within case management systems
• Identify and operationalize new adversary techniques tools and tradecraftscaling knowledge across the team to strengthen collective defense
• Maintain a constant pulse on the evolving threat landscape applying emerging intelligence to real-world investigations
• Surface visibility gaps in logging telemetry and detection coverage and partner with stakeholders to enhance overall security posture
• Collaborate cross-functionally to develop and refine detection content response playbooks and threat intelligence outputs
• Serve as a trusted advisor to customers confidently guiding them through the full incident response lifecyclefrom initial compromise to full remediation and recovery

• Proven hands-on experience leading incident response investigations with the ability to independently scope analyze and drive complex engagements to resolution
• A track record of operating in high-volume high-complexity environments (e.g. MDR MSSP consulting or enterprise IR teams) with exposure to a wide range of real-world incidents and adversary scenarios
• Deep expertise with Endpoint Detection & Response (EDR) platforms such as SentinelOne Microsoft Defender and CrowdStrike including advanced querying triage and response actions
• Strong command of incident response methodologies and frameworks (e.g. NIST PICERL) with the ability to apply them dynamically in fast-moving ambiguous situations
• Experience leveraging SIEM SOAR case management and threat intelligence platforms to investigate correlate and respond to threats at scale
• A solid understanding of attacker methodologies including common and emerging tactics techniques and procedures (TTPs) with the ability to map activity to frameworks such as MITRE ATT&CK
• Exceptional communication skills with experience presenting technical findings and strategic recommendations to both technical teams and executive stakeholders
• The ability to operate as a trusted advisor during high-pressure incidentsbringing clarity structure and confidence to customer engagements

Note: This role is best suited for practitioners who have been deeply immersed in live incident response environments and have built pattern recognition across numerous engagements. Candidates with limited exposure to real-world incidents may find the pace ambiguity and complexity of this role challenging.

Statutory Pay Disclosure

The anticipated salary range for this role is $12700 - $140000 stock options benefits. Actual compensation may vary from posted hiring range based upon geographic location work experience education and/or skill level.

ITAR Compliance

This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application candidates will be asked to confirm that they are a U.S. Person as defined by the following:

• A citizen of the U.S.;
• A lawful permanent resident of the United States;
• A person admitted to the United States as a refugee; or
• A person that has been granted asylum by the United States government.

The intent of this requirement is not to verify employment eligibility overall but to ensure compliance with import/export regulations. If you do not meet these requirements we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.