Security Incident Reponse Analyst

The Security Incident Response Analyst is a member of the Jackson Information Security and Privacy (JISP) Security Incident Response Team (SIRT) and will be responsible for initiating and supporting Cybersecurity incident and forensic investigations. As an incident handler, this individual will act as first responder to escalated security alerts, assessing, and swiftly containing malicious activity. The Security Incident Response Analyst will work in a flexible shift capacity, supporting a 24/7/365 Security Operations Center.

Essential Responsibilities

• Identifies, investigates, and responds to cybersecurity incidents, including host analysis, network forensics, log analysis, and malware triage.

• Takes the lead on immediate containment actions and initiates root cause analysis.

• Notifies on-call resources and escalates incidents to appropriate technical teams and management based on severity, impact, and established incident response procedures.

• Utilizes forensic tools, techniques, and capabilities to support account takeover (ATO) investigations.

• Maintains accurate incident records, ensuring proper documentation, evidence handling, and chain of custody throughout investigations.

• Researches security trends and recommends optimization of security tools, engaging engineering staff and management for approval and assisting in implementation.

• Monitors and ensures SOC security tools operate effectively, and recommends enhancements to improve detection, automation, and response outcomes.

• Maintains and continuously improves incident response procedures, playbooks, alerts, analytics, detections, and supporting documentation.

• Reports and analyzes trends in cybersecurity incidents, including account compromise and indicators of financially motivated threat activity.

• Leverages threat intelligence and Security Operations Center data to enrich investigations, analyze incident trends, and informs improvements to detection and response capabilities.

• Provides training, mentoring, and subject matter expertise for Security Operations Center (SOC) staff.

• Supports projects that drive continuous improvement of the Security Incident Response program.

Other Duties

• Participates in an on-call rotation and responds to critical security incidents outside of scheduled hours, as required.

• Ability to work outside of normal scheduled hours as required to support business continuity and emergency response efforts.

• Performs other duties and/or projects as assigned.

Knowledge, Skills and Abilities

• Experience investigating cybersecurity incidents using enterprise security technologies, including SIEM, SOAR, EDR, and host/network forensic tools.

• Familiarity with authentication, authorization, and logging concepts across enterprise environments.

• Basic understanding of incident response processes and methodologies, including investigation, containment, escalation, documentation practices, and chain of custody requirements for forensic investigations.

• Understanding of networking, security fundamentals, and administration of Windows, Linux, and Apple iOS.

• Understanding of Security Incident Response techniques in cloud environments (SaaS, PaaS, IaaS).

• Basic understanding of DevSecOps concepts and exposure to automation or AI-assisted tools used in security operations.

• Basic scripting or automation experience (e.g., PowerShell, Python, or Bash) to support investigations, or data analysis.

• Ability to correlate data from multiple sources to identify anomalies, suspicious behavior, or potential security incidents.

• Strong analytical and problem-solving skills, with the ability to follow established procedures and make sound decisions under guidance.

• Effective written and verbal communication skills, with the ability to document findings, collaborate with SOC team members, and clearly communicate findings, incident status, and relevant information to senior analysts or leadership.

Qualifications

• Bachelor''s Degree and/or equivalent experience required.

• 1+ years Information Security experience required.

• 3+ years Information Security experience preferred.

• Certification in Incident Response such as GCIH within 1-1/2 Yrs preferred.

• Certification in Forensics such as GCFE FA within 1-1/2 Yrs preferred.