
Lead Incident Response Analyst

Job Category:

BPO / KPO / Shared Services

Job Description and Qualification:

Job Description:

The Lead Incident Response Analyst responds to security incidents according to established policies and best practices. Incident handlers provide guidance to tier one and other first responders on the proper handling of information security incidents, coordinate the efforts of multiple business units during response, provide them with timely updates, and make recommendations to those units as required. The Senior Incident Responder (IR) is a key member of the Cyber Fusion Center (CFC) and is responsible for analyzing, triaging, scoping, and containing security incidents, providing guidance for remediation, and determining their root cause. In this role you will use data analysis, threat intelligence, and cutting-edge security technologies.


  • Incident response: perform network, host, and memory forensic analysis on various operating systems and applications.
  • Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs in order to identify misuse, malware, or unauthorized activity on monitored networks. Communicate and escalate issues and incidents as required by process and/or management.
  • Serve as the primary escalation point for the SOC.
  • Develop, document, and implement runbooks, capabilities, and techniques for IR.
  • Perform triage and analysis on workstations, servers, and network infrastructure.
  • Identify and analyze malware using live forensics, hard drive forensics, sandboxes, and reverse engineering.
  • Identify indicators of compromise and apply them to the incident response process.
  • Perform the activities necessary for immediate containment and rapid resolution of incidents.
  • Maintain current knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities.
  • Assist in building SOC and CIRT processes, procedures, and training.
  • Create and enhance standard operating procedures and technical guides.
  • Assist in the creation and tuning of network and host detection signatures based on user behavior analysis and threat intelligence.
  • Stay abreast of current technologies, developments, security compliance requirements, standards, and industry trends in order to help achieve the goals of the company.
  • Maintain a high level of confidentiality.
  • Coordinate and drive efforts during response activities and post-mortems.
  • Participate in the after-hours on-call rotation when required.
  • Perform deep-dive investigations to determine the root cause of complex information security incidents.
  • Maintain a balance between IR and project work.
  • Travel 15%.
Qualifications:

  • 6+ years of experience with processes, tools, and techniques in incident response and forensic investigations.
  • Experience using event escalation and reporting procedures.
  • Experience supporting network investigations.
  • Understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
  • Understanding of UNIX, Windows, and Mac operating systems and their command-line tools.
  • Experience performing forensics on various operating systems, including disk and memory forensics.
  • Intermediate skills with the Windows command line, PowerShell, and Linux Bash.
  • Knowledge of how the Windows file system and registry function.
  • Ability to learn and operate in a dynamic environment.
  • Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation, and to learn and adapt quickly.
  • Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies.
  • Strong oral and written communication skills.
  • Knowledge of scripting languages used in IR and automation.