Incident Response Analyst

Job Description
• Security Monitoring & Alert Management: Continuously monitor system health and security alerts to detect potential threats in real time.
• Incident Response & Forensic Analysis: Conduct forensic analysis of digital evidence to identify intrusion patterns, malicious actors, and attack vectors.
• Threat Intelligence & Correlation: Correlate data from multiple sources (logs, threat feeds, network traffic) to identify emerging threats and attack trends.
• Risk Assessment & Mitigation: Identify security risks, vulnerabilities, and exposures; recommend remediation strategies to prevent future incidents.
• Interpret, analyze, and report all events and anomalies in accordance with computer network directives, including initiating, responding, and reporting discovered events. Reporting & Compliance: Generate detailed incident reports and briefings for stakeholders, including executive summaries and technical deep dives.
• Collaborate with federal agencies (CYBERCOM, NSA, FBI, DOJ, DHS) to review cybersecurity intelligence and align with national security protocols.
• Process Improvement Continuously refine SOC workflows, playbooks, and detection logic to adapt to evolving threats.
• Responsible for performing correlation activities and trend analysis to discover attack patterns and assess the risks and potential exposure of assets and develop and enhance correlation rules, logic, and analysis techniques for associating data. Required Skills & Experience
• 3-6 years of experience in a SOC or cybersecurity operations role, with proven experience investigating and responding to security incidents
• Proficiency with SIEM platforms (e.g., Splunk) and endpoint detection tools (e.g., CrowdStrike, Sentinel One, Microsoft Defender).
• Strong understanding of network protocols, packet analysis, and tools like Wireshark or Zeek.
• Experience with IDS/IPS/NDR/EDR tools (e.g., Snort, Suricata, Bricata).
• Ability to analyze logs, correlate data, and detect adversary tactics, techniques, and procedures (TTPs).
• Familiarity with threat intelligence frameworks such as MITRE ATT&CK, Cyber Kill Chain, and IOC analysis.
• Basic scripting or automation skills (e.g., Python, PowerShell, Bash) to enhance workflows.
• Security Plus CE or equivalent
• Comfortable working a Saturday 6PM-6AM Sunday shift ONSITE in Arlington, VA
Possess a Top Secret Clearance