Security Analyst/Incident Responder
Listed on 2026-07-13
-
IT/Tech
Cybersecurity
Be Challenged and Make a Difference
In a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At Ana Vation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture.
Description of Task to be PerformedAna Vation is looking for a Security Analyst (Incident Responder) to assist the client leadership with vulnerability management and incident response activities. The ideal candidate will be comfortable engaging with client leadership on a regular basis and interacting with senior level team members.
Responsibilities- Lead and manage Incident Response (IR) activities to include triage, investigating, interviewing, resolving, and reporting on events. Creating, updating, and/or revising the IR Playbook and IR Plan.
- Monitor, maintain and administer policies and rules within EDR and SIEM tools (e.g., Crowdstrike, Splunk).
- Support and develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.
- Develop and implement defensive cyber best practice tactics, techniques, and procedures.
- Maintain Incident Ticketing tracking system and related tickets within Remedy or other tracking tools.
- Monitor and take action within multiple tools providing security functions such as vulnerability management(e.g., Nessus), configuration management (e.g., Tenable Security Center, IBM Big Fix, SCCM), endpoint protection (e.g., antivirus, ATP), intrusion detection software and hardware.
- Manage and perform Splunk queries to examine and query log data from the Enterprise Logging as a Service system and perform log analysis.
- Ensure system and application logs are being sent to enterprise SIEM tool for log monitoring.
- Conduct and manage vulnerability scans using Tenable SC and/or Qualys.
- Analyze scan results, prioritize findings by risk and impact, coordinate with responsible parties for remediation and validate false positives.
- Interacting with GRC tool (e.g., CSAM) to perform daily/weekly vulnerability analysis.
- Creating and compiling weekly security metrics into dashboards and charts.
- Presenting vulnerability analysis to system admins, system owners, and leadership.
- Flexible with other security related tasks as needed by the customer.
This position is hybrid, with the potential for periodic onsite attendance at our customer location in Alexandria, VA.
Applicants who do not currently reside within commuting distance should describe how they would satisfy this requirement. Remote status is subject to change at the customer’s direction.
This position requires a Public Trust
Required Qualifications- Bachelor's degree in a related field or equivalent demonstrated experience and knowledge.
- 6 years’ experience as a Security Administrator or equivalent knowledge.
- Hands‑on experience conducting incident response activities and vulnerability analysis of various systems, applications, security tools, databases, and networks logs.
- Performing vulnerability scans with tools such as Tenable or Qualys.
- Experience with Crowdstrike, TenableSC, Splunk. (Experience with comparable tools may be considered).
- Experience with NIST SP 800-61 rev2 Computer Security Incident Handling Guide.
- Excellent oral and written communication skills.
- Familiarity with multi‑tiered network applications, common ports and protocols used in those communications, the Common Vulnerability System (CVS) and the exploitation mechanisms of common vulnerability types (e.g., buffer overflows, cross‑site‑scripting, SQL injection).
- Ability to perform online research and comprehend attack signatures while comparing them to network traffic to perform proper analysis of detections.
- Ability to use common tools such as Wireshark to examine network traffic.
- Certifications:
Security+ required.
- Self‑Starter – ability to quickly become competent with new security‑related tools and processes.
- Ability to conduct Deep Dive analysis to determine root cause assessment of various network scanning agents’ scanning or communication failures.
- Ability to coordinate remediation strategies with…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).