Cybersecurity Incident Response Analyst - REMOTE

Work from home Full-time role Hiring

Description: Binary Defense (BD) is seeking a talented Cybersecurity Incident Response Analyst to join our Analysis on Demand (AoD) team. This role focuses on hands-on investigation of cybersecurity incidents, threat hunting, and forensic analysis across endpoint, network, and cloud environments.

Position Overview

  • Serve as an Incident Response (IR) Analyst supporting the Analysis on Demand (AoD) team.
  • Drive client meetings to discuss incident scope, investigative findings, and response updates while producing clear and detailed technical reports.
  • Conduct incident triage and verification, determine scope of compromise, perform threat hunting, and provide containment and remediation recommendations to customers.
  • Serve as a primary responder and point of contact during incident response engagements, supporting forensic investigation, analysis, and resolution of security incidents.
  • Work directly with clients to perform investigations, forensically analyze systems, and identify attacker activity across enterprise environments.
  • Analyze compromised systems to determine attack vectors, persistence mechanisms, lateral movement, and attacker techniques.
  • Identify attacker tools, tactics, and procedures (TTPs) and understand evolving threat actor behaviors.
  • Follow industry incident response best practices for containment, eradication, and recovery.
  • This position focuses on hands-on investigation and incident response, not alert monitoring or tier-1 SOC duties.
  • Must be familiar with incident response best practices and procedures.
  • Must have Windows-based incident response and computer forensics experience.
  • Must be familiar with network analysis, memory analysis, and digital forensics investigations.
  • Must possess excellent verbal and written communication skills, including the ability to present findings and recommendations to technical teams and leadership.

Responsibilities

  • Communicate and collaborate with internal and customer teams to investigate and contain incidents for escalated security events and investigations.
  • Perform technical cybersecurity investigations including root cause analysis, threat identification, and remediation guidance.
  • Conduct client-facing incident response engagements examining endpoint, network, and cloud-based sources of evidence.
  • Schedule and lead video calls with clients for collaboration, investigation updates, and response coordination.
  • Perform host-based forensic analysis including artifact analysis, memory analysis, log analysis, and timeline reconstruction.
  • Conduct enterprise-scale artifact collection and analysis to identify attacker activity, persistence mechanisms, and lateral movement across multiple systems.
  • Utilize Velociraptor artifacts and VQL (Velociraptor Query Language) to perform targeted endpoint investigations and collect forensic artifacts across enterprise environments.
  • Investigate attacker activity using endpoint telemetry, system artifacts, authentication logs, and network evidence to reconstruct attack timelines.
  • Analyze attacker behavior and intrusion activity to determine initial access, persistence mechanisms, privilege escalation, and lateral movement used during an incident.
  • Recognize attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) and apply them to current and future investigations.
  • Support development of detections, hunting queries, and investigative methodologies based on findings from incident response engagements.
  • Assist in creating and revising standard operating procedures, policies, processes, playbooks, and technical reports.
  • Develop and present comprehensive reports, trainings, and presentations for both technical and executive audiences.
  • Provide post-incident recommendations and security improvement guidance to strengthen detection capabilities and reduce future attack risk.
  • Maintain professional knowledge by attending conferences, reviewing publications, writing blog posts, or participating in industry events.
  • Stay current on emerging threats, countermeasures, and security technologies.
  • Write technical documents and investigative reports.
  • Operate effectively in a fast-paced and collaborative environment.
  • Work remotely, receive direction, and operate as a self-starter.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field, or equivalent practical experience.
  • Certification in one or more of the following preferred: GCIH, GCFE, GCFA, GREM, GNFA
  • Experience working within a Security Operations Center (SOC) or Incident Response team.
  • 3–5+ years of hands-on cybersecurity investigation experience, including host forensics, network forensics, threat hunting, or incident response.
  • Experience supporting incident response investigations including analysis, containment, and remediation actions.
  • Demonstrated experience investigating active security incidents or confirmed compromises, including determini
