Tier II Cyber Incident Response Analyst

SAIC
8 months ago
Austin, Texas, United States
On-site
Full-time
Junior Level (1-3 years)

Job Description

Key Responsibilities

  • Perform real-time monitoring and triage of security alerts in cybersecurity toolsets, including SIEM and EDR.
  • Accurately determine which alerts are false positives and which require further investigation, and prioritize them accordingly.
  • Lead and actively participate in the investigation, analysis, and resolution of cybersecurity incidents.
  • Analyze attack patterns, determine the root cause, and recommend appropriate remediation measures to prevent future occurrences.
  • Ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned.
  • Collaborate effectively with cross-functional teams, including forensics, threat intelligence, IT, and network administrators.
  • Clearly communicate technical information and incident-related updates to management and stakeholders.
  • Identify and act on opportunities to tune alerts so that the incident response team works more efficiently.
  • Monitor the performance of security analytics and automation processes regularly, identifying areas for improvement.
  • Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate incident response processes.
  • Support the mentoring and training of more junior IR staff.
  • Stay informed about the latest cybersecurity threats, trends, and best practices.

Required Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent work experience).
  • 3+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC).
  • A deep understanding of cybersecurity principles and incident response methodologies, and a proactive mindset.
  • Strong experience with security technologies, including SIEM, IDS/IPS, EDR, and network monitoring tools.
  • Experience with enterprise ticketing systems like ServiceNow.
  • Excellent analytical and problem-solving skills.
  • Ability to work independently and in a team environment.
  • Strong verbal and written communication skills.

Preferred Qualifications

  • Must currently hold, or be willing to obtain, one of the following certifications: GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (E|CIH), Incident Handling & Response Professional (IHRP), Certified Computer Security Incident Handler (CSIH), Certified Incident Handling Engineer (CIHE), or EC-Council Certified Ethical Hacker (CEH).

Benefits & Perks

  • SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.

Required Skills

Ticketing systems (e.g., ServiceNow)
EDR
IDS/IPS
Network monitoring
Documentation and reporting
Real-time monitoring
Team collaboration
Mentoring and training
SOAR (Security Orchestration, Automation, and Response)
SIEM
Threat analysis
Root cause analysis
Cybersecurity incident response
Alert tuning
Forensics collaboration