Jobs · Information Technology · Arizona

Cybersecurity Incident Response Analyst II

Avnet · Chandler, AZ · 2 wk ago
Information TechnologyFull-time

Principal Responsibilities

  • Investigates and responds to escalated cybersecurity incidents, including validation, scoping, containment, and recovery, while determining root cause, scope, and business impact.
  • Threat Analysis and Correlation: Analyzes activity across endpoint, network, cloud, and identity systems and correlates data across EDR, SIEM, and other telemetry sources to understand attacker behavior.
  • SOC Escalation Support: Serves as an escalation point for SOC analysts by guiding investigations, improving triage quality, and helping ensure consistency in analysis.
  • Threat Hunting: Performs proactive threat hunting using structured queries, threat intelligence, and observed activity to identify suspicious behavior beyond alert-driven detection.
  • Detection and Response Improvement: Identifies detection gaps and contributes to improving detections, use cases, workflows, and overall response quality.
  • Documentation and Reporting: Maintains incident response playbooks, procedures, and investigation documentation, and develops clear incident reports and executive summaries for both technical and non-technical audiences.
  • Incident Coordination: Takes ownership of investigative workstreams during complex incidents and, when needed, assumes the role of incident commander until relieved by senior staff.
  • Post-Incident Review: Participates in post-incident reviews and contributes to applying lessons learned to improve future detection and response.

Distinguishing Characteristics

  • Investigation Depth: Demonstrates the ability to perform full investigations, including scoping, timeline reconstruction, root cause identification, and impact assessment.
  • Tool Proficiency: Experience operating within EDR and SIEM platforms and using multiple telemetry sources to conduct investigations.
  • CrowdStrike Experience: Hands-on experience with the CrowdStrike Falcon platform (EDR, NG-SIEM, Fusion, or related modules) and familiarity with Falcon Query Language or LogScale is strongly preferred.
  • Threat Hunting Capability: Experience performing proactive threat hunting and identifying activity outside of alert-driven workflows.
  • Multi-Source Correlation: Ability to correlate activity across endpoint, identity, network, and cloud systems without relying on a single tool.
  • Framework Awareness: Familiarity with MITRE ATT&CK and structured incident response practices aligned to frameworks such as NIST 800-61 Rev. 3.
  • Process Improvement Mindset: Experience improving detections, playbooks, or response workflows based on investigation findings and recurring patterns.
  • Incident Ownership: Demonstrates the ability to take ownership during incidents and contribute to coordination or leadership of response activities.
  • Communication: Strong written and verbal communication skills, including the ability to clearly explain what is happening, what it means, and what needs to happen next during active incidents.
  • Collaboration: Ability to work effectively with SOC, engineering, infrastructure, and security teams to investigate and remediate threats.

Similar jobs

Cybersecurity Analyst II

Electric Power EngineersDickson City, PA· 5 days ago
Information Technologyapply on careers-epeconsulting.icims.com

Cybersecurity Analyst II

Techneaux Technology ServicesLafayette, LA· 2 mo ago
Information Technology$80k/yrapply on recruiting.paylocity.com

Cybersecurity Analyst II

JabilSt. Petersburg, Florida, United States· 1 wk ago
Information Technologyapply on jabil.wd5.myworkdayjobs.com