Cybersecurity Incident Response Analyst - REMOTE

About the position Binary Defense (BD) is seeking a talented Cybersecurity Incident Response Analyst to join our Analysis on Demand (AoD) team. This role focuses on hands-on investigation of cybersecurity incidents, threat hunting, and forensic analysis across endpoint, network, and cloud environments. Position Overview Serve as an Incident Response (IR) Analyst supporting the Analysis on Demand (AoD) team. Drive client meetings to discuss incident scope, investigative findings, and response updates while producing clear and detailed technical reports. Conduct incident triage and verification, determine scope of compromise, perform threat hunting, and provide containment and remediation recommendations to customers. Serve as a primary responder and point of contact during incident response engagements, supporting forensic investigation, analysis, and resolution of security incidents. Work directly with clients to perform investigations, forensically analyze systems, and identify attacker activity across enterprise environments. Analyze compromised systems to determine attack vectors, persistence mechanisms, lateral movement, and attacker techniques. Identify attacker tools, tactics, and procedures (TTPs) and understand evolving threat actor behaviors. Follow industry incident response best practices for containment, eradication, and recovery. This position focuses on hands-on investigation and incident response, not alert monitoring or tier-1 SOC duties. Must be familiar with incident response best practices and procedures. Must have Windows-based incident response and computer forensics experience. Must be familiar with network analysis, memory analysis, and digital forensics investigations. Must possess excellent verbal and written communication skills, including the ability to present findings and recommendations to technical teams and leadership.

Responsibilities

• Communicate and collaborate with internal and customer teams to investigate and contain incidents for escalated security events and investigations.
• Perform technical cybersecurity investigations including root cause analysis, threat identification, and remediation guidance.
• Conduct client-facing incident response engagements examining endpoint, network, and cloud-based sources of evidence.
• Schedule and lead video calls with clients for collaboration, investigation updates, and response coordination.
• Perform host-based forensic analysis including artifact analysis, memory analysis, log analysis, and timeline reconstruction.
• Conduct enterprise-scale artifact collection and analysis to identify attacker activity, persistence mechanisms, and lateral movement across multiple systems.
• Utilize Velociraptor artifacts and VQL (Velociraptor Query Language) to perform targeted endpoint investigations and collect forensic artifacts across enterprise environments.
• Investigate attacker activity using endpoint telemetry, system artifacts, authentication logs, and network evidence to reconstruct attack timelines.
• Analyze attacker behavior and intrusion activity to determine initial access, persistence mechanisms, privilege escalation, and lateral movement used during an incident.
• Recognize attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) and apply them to current and future investigations.
• Support development of detections, hunting queries, and investigative methodologies based on findings from incident response engagements.
• Assist in creating and revising standard operating procedures, policies, processes, playbooks, and technical reports.
• Develop and present comprehensive reports, trainings, and presentations for both technical and executive audiences.
• Provide post-incident recommendations and security improvement guidance to strengthen detection capabilities and reduce future attack risk.
• Maintain professional knowledge by attending conferences, reviewing publications, writing blog posts, or participating in industry events.
• Stay current on emerging threats, countermeasures, and security technologies.
• Write technical documents and investigative reports.
• Operate effectively in a fast-paced and collaborative environment.
• Work remotely, receive direction, and operate as a self-starter.

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field, or equivalent practical experience.
• Certification in one or more of the following preferred: GCIH, GCFE, GCFA, GREM, GNFA
• Experience working within a Security Operations Center (SOC) or Incident Response team.
• 3–5+ years of hands-on cybersecurity investigation experience, including host forensics, network forensics, threat hunting, or incident response.
• Experience supporting incident response investigations including analysis, containment, and remediation actions.
• Demonstrated experience investigating active security incidents or confirmed compromises, including determining attack scope and identifying persistence mechanisms.
• Experience performing host-based investigations using endpoint artifacts, logs, and forensic evidence to determine attacker activity and timeline of compromise.
• Experience analyzing systems across Windows, macOS, or Linux environments.
• Experience working with enterprise security technologies including EDR, SIEM, firewalls, IDS/IPS, vulnerability scanning, and network security tools.
• Experience using digital forensics tools such as Volatility, Rekall, KAPE, Autopsy, or similar frameworks.
• Experience working with SIEM platforms such as Splunk, Microsoft Sentinel, Devo, or Sumo Logic.
• Experience working with EDR platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black, FortiXDR, or similar solutions.
• Strong experience using SIFT Workstation or similar digital forensics platforms.
• Demonstrated knowledge of the MITRE ATT&CK Framework.
• Ability to communicate investigative findings and strategies to technical teams, executive leadership, internal teams, and clients.
• Strong analytical and problem-solving skills.
• Comfortable working multiple concurrent investigations and adapting investigative approaches as new evidence is discovered.
• Strong time management skills to balance multiple investigations and priorities.
• Ability to lead clients in strategic conversations with strong executive presence.
• Must be a U.S. Citizen residing in the continental United States.

Nice-to-haves

• Master’s degree in Cybersecurity, Computer Science, Information Systems, or related field.
• Experience with Python, PowerShell, Bash, or other scripting languages.
• Build scripts, tools, or methodologies to enhance incident investigation processes.
• Experience conducting cloud incident response investigations (AWS, Azure, or GCP).
• Experience with macOS and Linux forensic investigations.
• Experience working with SOAR platforms such as D3 Security, Cortex XSOAR, Cortex XSIAM, or similar security automation platforms.
• Experience using Velociraptor for endpoint artifact collection, threat hunting, and forensic investigations.
• Experience using IRIS for incident tracking, case management, and investigation coordination.

Benefits

• Binary Defense offers competitive medical, dental and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote friendly work environment, as well as training opportunities to expand your skill set (to name a few!).

Apply tot his job Apply To this Job