Cybersecurity Incident Response Analyst II
Avnet · Chandler, AZ · 2 wk ago
Information TechnologyFull-time
Principal Responsibilities
- Investigates and responds to escalated cybersecurity incidents, including validation, scoping, containment, and recovery, while determining root cause, scope, and business impact.
- Threat Analysis and Correlation: Analyzes activity across endpoint, network, cloud, and identity systems and correlates data across EDR, SIEM, and other telemetry sources to understand attacker behavior.
- SOC Escalation Support: Serves as an escalation point for SOC analysts by guiding investigations, improving triage quality, and helping ensure consistency in analysis.
- Threat Hunting: Performs proactive threat hunting using structured queries, threat intelligence, and observed activity to identify suspicious behavior beyond alert-driven detection.
- Detection and Response Improvement: Identifies detection gaps and contributes to improving detections, use cases, workflows, and overall response quality.
- Documentation and Reporting: Maintains incident response playbooks, procedures, and investigation documentation, and develops clear incident reports and executive summaries for both technical and non-technical audiences.
- Incident Coordination: Takes ownership of investigative workstreams during complex incidents and, when needed, assumes the role of incident commander until relieved by senior staff.
- Post-Incident Review: Participates in post-incident reviews and contributes to applying lessons learned to improve future detection and response.
Distinguishing Characteristics
- Investigation Depth: Demonstrates the ability to perform full investigations, including scoping, timeline reconstruction, root cause identification, and impact assessment.
- Tool Proficiency: Experience operating within EDR and SIEM platforms and using multiple telemetry sources to conduct investigations.
- CrowdStrike Experience: Hands-on experience with the CrowdStrike Falcon platform (EDR, NG-SIEM, Fusion, or related modules) and familiarity with Falcon Query Language or LogScale is strongly preferred.
- Threat Hunting Capability: Experience performing proactive threat hunting and identifying activity outside of alert-driven workflows.
- Multi-Source Correlation: Ability to correlate activity across endpoint, identity, network, and cloud systems without relying on a single tool.
- Framework Awareness: Familiarity with MITRE ATT&CK and structured incident response practices aligned to frameworks such as NIST 800-61 Rev. 3.
- Process Improvement Mindset: Experience improving detections, playbooks, or response workflows based on investigation findings and recurring patterns.
- Incident Ownership: Demonstrates the ability to take ownership during incidents and contribute to coordination or leadership of response activities.
- Communication: Strong written and verbal communication skills, including the ability to clearly explain what is happening, what it means, and what needs to happen next during active incidents.
- Collaboration: Ability to work effectively with SOC, engineering, infrastructure, and security teams to investigate and remediate threats.