Senior Incident Response Analyst 1

Remote: Full Remote

Offer summary

Qualifications:

3+ years of experience in Incident Response or a related role; post-secondary education in Cybersecurity or comparable; strong understanding of Windows logs and forensic artifacts; cybersecurity certifications (e.g. CompTIA CySA+, GCFE, GCIH) are a plus.

Key responsibilities:

  • Perform in-depth forensic analysis of systems and investigate customer networks for suspicious activity
  • Lead assigned incident response engagements and delegate tasks to other consultants
  • Document and communicate findings to customers, maintaining detailed documentation
  • Conduct searches through OSINT sources and log work hours accurately for each engagement.

Sophos (Large, 1001 - 5000 employees): https://www.sophos.com/

Job description

Role Summary
Sophos is seeking an experienced and motivated Incident Response Consultant 3 to join our Incident Response (IR) service. The Sophos IR team is an elite group of incident responders that are engaged by organizations worldwide to respond to and neutralize cyber threats. Specializing in industry-standard forensic tools and Sophos technologies, the team provides comprehensive investigations, response actions, remediation guidance, and root cause analysis to combat a wide range of cybersecurity incidents.
 
As an Incident Response Consultant 3 on the Sophos IR team, you will collaborate with a dedicated group of experts to neutralize critical security incidents for customers of varying sizes and industries. In this role, you will be responsible for investigating at scale across customer networks and conducting forensic analysis using industry-standard tools to identify indicators of compromise and the tactics, techniques, and procedures used by threat actors. Reporting to the Team Lead, Incident Response, you will lead assigned incident response engagements, delegate tasks to other assigned consultants, and be responsible for documenting and communicating findings to our customers.

What You Will Do
  • Perform in-depth forensic analysis of systems
  • Acquire full disk and triage images of Windows, Mac, and Linux systems for investigation
  • Investigate customer networks for suspicious and malicious activity
  • Leverage tools such as XDR to perform large-scale threat hunts
  • Identify systems of interest related to ongoing investigations
  • Maintain detailed and accurate documentation, including meeting notes and investigative findings
  • Document IOCs and contribute to the development of threat intelligence
  • Collect sample files from customer devices as part of incident investigations
  • Conduct searches through OSINT sources
  • Log work hours accurately for each customer engagement
  • Complete assigned training and development programs as directed by the Team Lead

What You Will Bring
  • 3+ years of experience in Incident Response or a related role
  • Excellent understanding of Windows logs and forensic artifacts
  • Strong understanding of hypervisors and virtualization
  • Experience in conducting full disk and triage image acquisition
  • Working knowledge of mapping adversary behavior to the MITRE ATT&CK framework
  • Demonstrated experience working with common open-source forensic utilities
  • Passion for cyber security, incident response, and digital forensics
  • A desire for continuous learning
  • Strong written communication skills
  • A team-player attitude with a willingness to share knowledge
  • Ability to work some weekends and holidays
  • Experience leading BEC investigations
  • Post-secondary education in Cybersecurity, or comparable
  • Cybersecurity certifications are a plus (e.g. CompTIA CySA+, GCFE, GCIH, or similar)
  • Experience with SIEM technology is a plus (e.g. Splunk, ELK, etc.)
  • Willingness to work occasional overtime during peak times or holidays
  • Experience writing SQL queries is a plus
  • Experience writing PowerShell, Python, or Bash scripts is a plus

Compensation
In the United States, the base salary for this role ranges from $135,000 to $225,000. In addition to base salary, we offer additional compensation including bonus eligibility and a comprehensive benefits package. A candidate's specific pay within this range will depend on a variety of factors, including job-related skills, training, location, experience, relevant education, certifications, and other business and organizational needs.


Required profile

Spoken language(s): English

Other Skills
  • Teamwork
  • Communication