Principal Incident Response Analyst

Blackbaud

We are looking for an accomplished, high-performing Principal Incident Response Analyst for our Threat Detection & Response team with experience performing digital forensics, incident response, and threat hunting. The Principal Incident Response Analyst is responsible for ensuring the confidentiality, integrity, and availability of critical information and IT assets. This role requires a deep understanding of cybersecurity principles, incident response methodologies, digital forensics, and the ability to work efficiently under pressure.

What you’ll do:

  • Conduct in-depth analysis of security events and indicators to determine the nature and severity of incidents.
  • Respond promptly to security incidents, following established incident response procedures.
  • Coordinate and collaborate with cross-functional teams to contain and mitigate cyber threats effectively.
  • Perform forensic investigations to determine the root cause of incidents and develop appropriate remediation strategies.
  • Lead regular threat hunt activities to identify and investigate gaps in detection.
  • Utilize threat intelligence and industry best practices to enhance incident detection capabilities.

What you’ll bring:

  • 5+ years of cyber incident response experience in a large and complex environment. Relevant industry certifications are highly desirable (CISSP, GCIH, GCFA, GREM, ECIH).
  • Subject matter expertise with security tools and technologies, such as SIEM, IDS/IPS, EDR, and network monitoring solutions.
  • Strong knowledge of incident response methodologies, including containment, eradication, recovery, and common security frameworks (NIST, SANS, CSA).
  • Ability to acquire and analyze endpoint and network artifacts, volatile memory, malicious files/binaries and scripts.
  • Experience with forensic tools, such as EnCase, FTK, Axiom, Velociraptor, KAPE, EZ Tools, Autopsy, and THOR, to carry out digital forensic investigations.
  • Collaborate with other forensic analysts, law enforcement officers, and legal experts to identify methods and procedures for recovery, preservation, and presentation of computer evidence, ensuring proper precautions are taken in the preservation and prevention of spoliation of electronic evidence.
