Allied Consultants

Cyber Incident Response Analyst

Allied Consultants$80K — $110K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in advanced host-based forensics on Windows and Linux systems.
  • 5+ years of ability to correlate host, network, and intelligence data for incident timelines.
  • 5+ years in producing high-quality incident reports and executive summaries.
  • 4+ years understanding of adversary TTPs and threat hunting methodologies.
  • 3+ years experience in a role as Incident Commander.
  • 1+ year supporting SLTT or critical infrastructure environments.
  • Preferred: Proficiency with various threat intelligence platforms.
  • Preferred: Hands-on experience with incident orchestration tools.
  • Preferred: Security certifications like CISSP or Security+.

Responsibilities

  • Perform advanced incident response across Windows and Linux environments.
  • Conduct host-based forensics including log analysis and malware behavior analysis.
  • Serve as Incident Commander during cybersecurity events.
  • Analyze adversary TTPs and map to MITRE ATT&CK.
  • Review and validate alerts from security tools like SIEM and EDR.
  • Produce incident reports and executive summaries for stakeholders.
  • Support multi-agency response operations and provide recommendations for improvements.

Benefits

  • Opportunity to work in a critical cybersecurity role that impacts multiple agencies.
  • Engagement with advanced security tools and platforms.
  • Chance to participate in multi-agency operations and enhance public cybersecurity.
  • Training and professional development opportunities in cybersecurity and incident response.
Full Job Description
Overview

We are currently seeking an experienced Cyber Incident Response Analyst to be a key resource on a technical services team.

Responsibilities
  • Perform advanced incident response across Windows and Linux environments, including triage, containment, eradication, and recovery.
  • Conduct host-based forensics, including log analysis, memory capture, file system review, and malware behavior analysis.
  • Serve as Incident Commander during cybersecurity events, coordinating actions, documenting decisions, and communicating with leadership and affected agencies.
  • Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings to MITRE ATT&CK.
  • Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring tools.
  • Produce incident reports, timelines, and executive summaries for statewide stakeholders.
  • Support multi-agency response operations, including SLTT partners and critical infrastructure entities.
  • Provide recommendations for detection improvements, hardening, and long-term mitigation.
  • Participate in post-incident reviews, lessons learned, and playbook updates.
  • Maintain readiness for 24x7 response through on-call rotation or surge support.
Qualifications

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

Years | Required/Preferred | Experience
----- | ------------------ | ----------
5 | Required | Advanced host-based forensics across Windows and Linux, including memory, disk, and malware analysis, using telemetry from NetWitness, Gravwell, Google SecOps, and Corelight to validate findings and reconstruct attacker activity.
5 | Required | Ability to correlate host, network, and intelligence data from CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and NetWitness to build complete incident timelines.
5 | Required | Experience producing high-quality incident reports and executive summaries using evidence collected from Gravwell, NetWitness, Corelight, and case management workflows.
4 | Required | Strong understanding of adversary TTPs, intrusion kill chains, and threat hunting methodologies using packet-level and log-level data from, but not limited to, Corelight, NetWitness, and CRIBL pipelines.
3 | Required | Incident Commander experience.
1 | Required | Experience supporting SLTT or critical infrastructure environments, including multi-tenant IR operations and cross-agency coordination.
5 | Preferred | Proficiency with threat intelligence platforms, including Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant, to enrich investigations, validate indicators, and map activity to MITRE ATT&CK.
5 | Preferred | Hands-on experience using Cyware CSAP for incident orchestration, automated enrichment, case creation, and workflow execution across SIEM, IPS, EDR, and ticketing systems.
4 | Preferred | Security certifications preferred (CISSP, CIH, Sec+).

About Allied Consultants

Allied Universal is an American provider of security systems and services; janitorial services; and staffing. The company was formed in 2016 by the merger of Santa Ana, California-based security and janitorial services company Universal Services of America, and Conshohocken, Pennsylvania-based security firm AlliedBarton Security Services. At the time of the merger, the combined company was reportedly the largest provider of security guards in the United States, with 140,000 trained officers between the two companies. In October 2021, Allied Universal completed a $5.1 billion takeover of British security firm G4S, creating a combined company of 800,000 employees, with revenues of more than $18 billion USD. The company maintains two corporate headquarters, one is in Santa Ana, California and the main headquarters is in Conshohocken, Pennsylvania.