alliedconsultants

Cyber Incident Response Analyst

Role

Cyber Incident Response Analyst

Job type

Other

Found on Mokaru

3 days ago

Salary

Not disclosed by employer

Job description

Overview

Texas GovLink, Inc. is an Austin-based firm which has been a leading provider of technical and business professionals to clients in Texas. We are currently seeking an experienced Cyber Incident Response Analyst to be a key resource on a technical services team.

Texas GovLink offers its family of consultants excellent rates, a local support staff, and an attractive benefits package which includes medical insurance (TGL shares a percentage of the cost), life insurance, a matching 401(k) plan and a cafeteria plan. Candidates selected for interview will be required to undergo criminal background checks and may be required to complete a drug screen in accordance with Federal and State Law. Offers of Employment are contingent on a successful background check. Texas GovLink is an equal opportunities employer.

Responsibilities

  • Perform advanced incident response across Windows and Linux environments, including triage, containment, eradication, and recovery.
  • Conduct host-based forensics, including log analysis, memory capture, file system review, and malware behavior analysis.
  • Serve as Incident Commander during cybersecurity events, coordinating actions, documenting decisions, and communicating with leadership and affected agencies.
  • Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings to MITRE ATT&CK.
  • Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring tools.
  • Produce incident reports, timelines, and executive summaries for statewide stakeholders.
  • Support multi-agency response operations, including SLTT partners and critical infrastructure entities.
  • Provide recommendations for detection improvements, hardening, and long-term mitigation.
  • Participate in post-incident reviews, lessons learned, and playbook updates.
  • Maintain readiness for 24x7 response through on-call rotation or surge support.

Qualifications

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

Years | Required/Preferred | Experience

5 | Required | Advanced host-based forensics across Windows and Linux, including memory, disk, and malware analysis, using telemetry from NetWitness, Gravwell, Google SecOps, and Corelight to validate findings and reconstruct attacker activity.

5 | Required | Ability to correlate host, network, and intelligence data from CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and NetWitness to build complete incident timelines.

5 | Required | Experience producing high-quality incident reports and executive summaries using evidence collected from Gravwell, NetWitness, Corelight, and case management workflows.

4 | Required | Strong understanding of adversary TTPs, intrusion kill chains, and threat hunting methodologies using packet-level and log-level data from sources including, but not limited to, Corelight, NetWitness, and CRIBL pipelines.

3 | Required | Incident Commander experience.

1 | Required | Experience supporting SLTT or critical infrastructure environments, including multi-tenant IR operations and cross-agency coordination.

5 | Preferred | Proficiency with threat intelligence platforms, including Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant, to enrich investigations, validate indicators, and map activity to MITRE ATT&CK.

5 | Preferred | Hands-on experience using Cyware CSAP for incident orchestration, automated enrichment, case creation, and workflow execution across SIEM, IPS, EDR, and ticketing systems.

4 | Preferred | Security certifications preferred (CISSP, CIH, Sec+).