Perform advanced incident response across Windows and Linux environments, including triage, containment, eradication and recovery.
Conduct host-based forensics, including log analysis, memory capture, file system review and malware behavior analysis.
Serve as Incident Commander during cybersecurity events, coordinating actions, documenting decisions and communicating with leadership and affected agencies.
Analyze adversary Tactics, Techniques and Procedures (TTPs) and map findings to MITRE ATT&CK.
Review and validate alerts from SIEM, IDS/IPS, EDR and network monitoring tools.
Produce incident reports, timelines and executive summaries for statewide stakeholders.
Support multi-agency response operations, including SLTT partners and critical infrastructure entities.
Provide recommendations for detection improvements, hardening and long-term mitigation.
Participate in post-incident reviews, lessons learned and playbook updates.
Maintain readiness for 24x7 response through on-call rotation or surge support.
MUST HAVE
5 Required: Advanced host-based forensics across Windows and Linux, including memory, disk and malware analysis, using telemetry from NetWitness, Gravwell, Google SecOps and Corelight to validate findings and reconstruct attacker activity.
5 Required: Ability to correlate host, network and intelligence data from CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight and NetWitness to build complete incident timelines.
5 Required: Experience producing high-quality incident reports and executive summaries using evidence collected from Gravwell, NetWitness, Corelight and case management workflows.
4 Required: Strong understanding of adversary TTPs, intrusion kill chains and threat hunting methodologies using packet-level and log-level data from, but not limited to, Corelight, NetWitness and Cribl pipelines.
3 Required: Incident Commander experience.
1 Required: Experience supporting SLTT or critical infrastructure environments, including multi-tenant IR operations and cross-agency coordination.
PREFERRED
5 Preferred: Proficiency with threat intelligence platforms, including Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal and Mandiant, to enrich investigations, validate indicators and map activity to MITRE ATT&CK.
5 Preferred: Hands-on experience using Cyware CSAP for incident orchestration, automated enrichment, case creation and workflow execution across SIEM, IPS, EDR and ticketing systems.
4 Preferred: Security certifications (CISSP, CIH, Sec).
Position: Cyber Incident Response Analyst (ONSITE). Location: TXCC San Antonio office, 506 Dolorosa Street; 1001 North Loop, Austin, TX 78756.