×
Register Here to Apply for Jobs or Post Jobs. X
More jobs:

Cybersecurity Incident Response Analyst II

Job in Chandler, Maricopa County, Arizona, 85249, USA
Listing for: Avnet
Full Time position
Listed on 2026-07-06
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Applicant must be a U.S. Person (for example, a U.S. citizen or lawful permanent resident / green card holder) eligible to access Controlled Unclassified Information (CUI)

Applicant must be a U.S. Person (for example, a U.S. citizen or lawful permanent resident / green card holder) eligible to access Controlled Unclassified Information (CUI).

Job Summary

We are seeking a hands‑on Cyber Incident Response Analyst to join a steadily maturing incident response program. In this role, you will be part of a global team operating in a follow‑the‑sun model across regions, supporting incident response through coordinated handoffs. The team operates on the Crowd Strike platform across EDR, NG‑SIEM, SOAR, case management, and Charlotte AI, working closely with an externally managed SOC to support escalated investigations.

As we continue integrating AI capabilities into the platform, lower‑level triage work is handled automatically, allowing analysts to focus on deeper investigation, threat hunting, reporting, and improving how incidents are detected and handled.

Principal Responsibilities
  • Incident Investigation: Investigates and responds to escalated cybersecurity incidents, including validation, scoping, containment, and recovery, while determining root cause, scope, and business impact.

  • Threat Analysis and Correlation: Analyzes activity across endpoint, network, cloud, and identity systems and correlates data across EDR, SIEM, and other telemetry sources to understand attacker behavior.

  • SOC Escalation Support: Serves as an escalation point for SOC analysts by guiding investigations, improving triage quality, and helping ensure consistency in analysis.

  • Threat Hunting: Performs proactive threat hunting using structured queries, threat intelligence, and observed activity to identify suspicious behavior beyond alert‑driven detection.

  • Detection and Response Improvement: Identifies detection gaps and contributes to improving detections, use cases, workflows, and overall response quality.

  • Documentation and Reporting: Maintains incident response playbooks, procedures, and investigation documentation, and develops clear incident reports and executive summaries for both technical and non-technical audiences.

  • Incident Coordination: Takes ownership of investigative work streams during complex incidents and, when needed, assumes the role of incident commander until relieved by senior staff.

  • Post‑Incident Review: Participates in post‑incident reviews and contributes to applying lessons learned to improve future detection and response.

  • Other duties as assigned

Distinguishing Characteristics
  • Investigation Depth: Demonstrates the ability to perform full investigations, including scoping, timeline reconstruction, root cause identification, and impact assessment.

  • Tool Proficiency: Experience operating within EDR and SIEM platforms and using multiple telemetry sources to conduct investigations.

  • Crowd Strike

    Experience:

    Hands‑on experience with the Crowd Strike Falcon platform (EDR, NG‑SIEM, Fusion, or related modules) and familiarity with Falcon Query Language or Log Scale is strongly preferred.

  • Threat Hunting Capability: Experience performing proactive threat hunting and identifying activity outside of alert‑driven workflows.

  • Multi‑Source Correlation: Ability to correlate activity across endpoint, identity, network, and cloud systems without relying on a single tool.

  • Framework Awareness: Familiarity with MITRE ATT&CK and structured incident response practices aligned to frameworks such as NIST 800‑61 Rev. 3.

  • Process Improvement Mindset: Experience improving detections, playbooks, or response workflows based on investigation findings and recurring patterns.

  • Incident Ownership: Demonstrates the ability to take ownership during incidents and contribute to coordination or leadership of response activities.

  • Communication: Strong written and verbal communication skills, including the ability to clearly explain what is happening, what it means, and what needs to happen next during active incidents.

  • Collaboration: Ability to work effectively with SOC, engineering, infrastructure, and security teams to investigate and remediate threats.

Work…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary