Tier 3 Cybersecurity Incident Response Analyst

Armavel, LLC
3 months ago
Austin, TX, United States
On-site
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

Armavel, LLC is offering an opportunity to join a forward-thinking cybersecurity team dedicated to protecting mission-critical systems supporting the Department of Veterans Affairs. As a Tier 3 Cybersecurity Incident Response Analyst, you will drive IR in a fast-paced environment by identifying, investigating, and mitigating complex cybersecurity threats while collaborating with experts across multiple disciplines. This is an on-site role in the Austin, TX area.

Key Responsibilities

  • Leading efforts in detecting, analyzing, and responding to the most challenging cybersecurity incidents as a Tier 3 lead analyst.
  • Operationalizing and onboarding modern detection technologies.
  • Crafting and augmenting playbooks for modern cloud-based incident response.
  • Analyzing attack vectors and patterns to determine root cause and recommending effective remediation strategies.
  • Guiding, coaching, and mentoring Tier 1 and Tier 2 analysts during incident investigations.
  • Driving all incident response activities from detection through recovery, including lessons learned and continuous improvement.
  • Developing and coordinating real-time security analytics use cases to detect sophisticated cyber threats.
  • Implementing and leveraging SOAR platforms to automate and streamline incident response workflows.
  • Collaborating with forensics, threat intelligence, IT, and network teams for effective response coordination.
  • Mentoring and supporting junior and mid-level cybersecurity staff to foster a culture of learning and collaboration.
  • Leading cybersecurity exercises, simulations, and continuous training to strengthen readiness.

Required Qualifications

  • Ability to track sophisticated, modern cybersecurity threats in a high-pressure environment.
  • Deep understanding of cybersecurity principles, incident response frameworks, and digital forensics, along with leadership skills.
  • Strong analytical, problem-solving, and communication skills for technical and non-technical audiences.
  • Expertise with SIEM, IDS/IPS, EDR, and network monitoring solutions.
  • Experience implementing and managing SOAR and other automation tools.
  • Proficiency with enterprise ticketing platforms such as ServiceNow.
  • Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
  • 5+ years supporting enterprise-scale IT or cybersecurity operations.
  • 3+ years managing enterprise-level incident response or Security Operations Center environments.
  • Advanced industry certifications (e.g., CISSP, GCIH, GCFA, CEH) are highly desirable.
  • In-depth knowledge of Azure/AWS native tools, security event analysis, digital forensics, malware triage, and security automation.
  • Experience leading incident response activities across multiple technical teams and managing complex IT infrastructures.
  • Must be a US Citizen with the ability to obtain a US Security Clearance.
  • Some travel may be required.

Preferred Qualifications

  • Prior experience supporting federal information systems.

Benefits & Perks

  • Freedom to approach challenging topics with strategic thinking and creative energy.
  • Opportunity to work with supportive colleagues who are committed to excellence.
  • Be part of a great team on an important mission—keeping federal data and systems secure.

Required Skills

Network Monitoring
Splunk
Leadership
Cloud-based Incident Response
SIEM
IDS/IPS
Malware Triage
ServiceNow
Security Operations
SOAR
EDR
Digital Forensics
Security Automation
Incident Response
Microsoft Sentinel
Cyber Threat Analysis
Azure/AWS Security Tools