4,480 DFIR Analyst jobs in the United States

Senior Cyber Security Analyst (Incident Response)

92189 San Diego Country Estates, California DeepSeas

Posted 8 days ago


Job Description

Senior Cyber Security Analyst (Incident Response)

Department: Security Operations

Employment Type: Full Time

Location: Remote

Reporting To: Cris Hamilton

Description

Position Overview

We are seeking a Senior Security Incident Response Analyst to join our growing Cybersecurity team. The ideal candidate will have extensive hands-on experience in detecting, responding to, and remediating sophisticated cyber threats using industry-leading tools, particularly EDR platforms. This role requires a deep technical background in both offensive and defensive security, forensic analysis, and threat hunting. The successful candidate will serve as a senior technical escalation point for complex incidents and help drive continuous improvement of our incident response capabilities.

Key Responsibilities
  • Lead and conduct advanced investigations into security incidents using EDR, Network traffic analysis, and Forensic tools.
  • Perform root cause analysis and develop mitigation strategies for complex cyber threats, including APTs, malware outbreaks, insider threats, ransomware and encryption events, data exfiltration, and others.
  • Act as a technical escalation point during major security incidents, providing in-depth knowledge of the tactics, techniques, and procedures (TTPs) used by threat actors.
  • Conduct deep-dive investigations and threat hunting activities to detect and respond to anomalies and early indicators of compromise (IOCs) using EDR products (mostly Microsoft Defender).
  • Perform memory, disk, and log forensics using tools such as Volatility, Autopsy, and Windows/Linux forensic utilities.
  • Develop and refine incident response runbooks, playbooks, and standard operating procedures (SOPs).
  • Collaborate with IR partners, leveraging offensive security and threat hunting knowledge.
  • Assist with post-incident reviews and lessons learned to improve detection and response strategies.
  • Mentor junior IR analysts.
  • Stay current with the threat landscape, emerging attack techniques, and relevant security technologies.
Skills, Knowledge and Expertise
  • Experience: Minimum 5 years in a dedicated Incident Response or Security Operations role, with hands-on investigative experience using advanced EDR solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black).
  • Technical Security Skills:
  • Defensive: Malware analysis, memory forensics, log analysis, endpoint and network triage.
  • Offensive: Understanding of exploitation techniques, red teaming, vulnerability assessment, and attack simulations.
  • Certifications: One or more of the following is required or highly preferred:
  • GIAC GCFA / GCIA / GCIH / GNFA
  • OSCP / OSCE / GPEN
  • Microsoft SC-200 / MS Defender-specific certifications
  • OWASP or web application security certifications
  • Networking and Systems Expertise:
  • Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, SMTP, etc.)
  • Proficiency in analyzing packet captures and netflow data (e.g., Wireshark, Zeek)
  • Deep understanding of Windows, Linux, and cloud environments (AWS, Azure)
  • Knowledge of IR Frameworks: NIST 800-61, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain.
  • Scripting and Automation: Python, PowerShell, Bash, or equivalent scripting languages for automating investigation and response tasks.
Why DeepSeas?

At Deep Seas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren't Deep Seas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are:
  • We are client obsessed.
  • We stand in solidarity with our teammates.
  • We prioritize personal health and well-being.
  • We believe in the power of diversity.
  • We solve hard problems at the speed of cyber.
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let's talk!

Information security is everyone's responsibility:
  • Understanding and following DeepSeas's information security policies and procedures.
  • Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas's information security.
  • Actively participating in DeepSeas's efforts to maintain and improve information security.
  • DeepSeas considers this position Moderate Risk, with the potential to view/access/download restricted/private client/internal data. This information must be treated with sensitivity and in the most secure manner. HR reserves the right to perform random background/drug screens to ensure the safety of client/DeepSeas data.

Senior Information Security Analyst (Incident Response)

22201 Arlington, Virginia First Citizens Bank

Posted 23 days ago


Job Description

Overview

This is a remote role that may be hired in several markets across the United States.

As a Senior Incident Response Analyst, you'll be a member of the bank's Cyber Incident Response team. We are looking for an experienced senior-level analyst with proven skills to detect and respond to threats in the environment, interact with business stakeholders, and work to restore operations. This is a technical role and will support the Threat Hunting, Intelligence, and Monitoring functions with content creation, threat analysis, detection recommendations, and colleague mentoring. We are seeking a candidate whose strong communication skills complement their technical skillset, with the ability to distill complex issues for broader understanding and expedited incident management.

Responsibilities

  • Incident Analyst/Handler - Investigate SIEM/SOAR events as necessary; bring experience in malware analysis and network/endpoint security to respond to and contain incidents.
  • Incident Responder/Incident Lead - Lead Incidents, coordinating the investigation, mitigation, and remediation from a technical perspective. Liaise with technical and business stakeholders.
  • Incident Management - Ensures Information Security incidents are properly detected, documented, investigated, and resolved.
  • Content Development - Support the creation of countermeasures and mitigations in response to an incident.
  • Threat Hunting - Support the operationally driven inputs (e.g., on the heels of an incident or event) into threat hunting and help build countermeasures/mitigations to address commodity and targeted threats. Also build a capability to track evolving threat actor techniques.
  • Post Incident Review - Provide recommendations to improve communication, processes, procedures, and mitigation options based on high severity incidents.

Qualifications

Bachelor's Degree and 8 years of experience in Information security OR High School Diploma or GED and 12 years of experience in Information security

  • Experience with all aspects of Incident response including stakeholder management.
  • Familiarity with MITRE ATT&CK and its application to countermeasure creation is a plus.
  • Support the build out of a proactive threat hunting capability.
  • Experience analyzing, dispositioning, and escalating security events (system, application, network, authentication, and email events)
  • Experience translating threat actor techniques into mitigations across a variety of security technologies. This could take the form of YARA rules, Sigma rules, or regular expressions.
  • Ability to define security requirements and drive project deliverables.
  • Ability to keep track of multiple incidents and ensure responses are provided in a timely fashion.
  • Experience responding to cloud-related incidents in Azure, AWS and Google cloud.
  • Cloud administrative experience preferred.
  • Cyber Incident Response experience - 3+ years required in which your primary job was an Incident Response role.
  • This role requires participation in the afterhours on call rotation. Rotations will cycle on a weekly basis.

The base pay for this position is generally between $140,000 and $188,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants.

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at


Senior Information Security Analyst (Incident Response)

27601 Raleigh, North Carolina First Citizens Bank

Posted 23 days ago


Senior Cyber Security Analyst (Incident Response) (San Diego)

92101 La Jolla, California DeepSeas

Posted 11 days ago


Principal Cloud Security, Digital Forensics, and Incident Response Analyst (Principal Cyber Secur...

89086 Sunrise Manor, Nevada Mission Support and Test Services

Posted 3 days ago


Job Description

**Job Description**
Mission Support and Test Services, LLC (MSTS) manages and operates the Nevada National Security Site (NNSS) for the U.S. National Nuclear Security Administration (NNSA). Our MISSION is to help ensure the security of the United States and its allies by providing high-hazard experimentation and incident response capabilities through operations, engineering, education, field, and integration services and by acting as environmental stewards to the Site's Cold War legacy. Our VISION is to be the user site of choice for large-scale, high-hazard, national security experimentation, with premier facilities and capabilities below ground, on the ground, and in the air. (See NNSS.gov for our unique capabilities.) Our 2,750+ professional, craft, and support employees are called upon to innovate, collaborate, and deliver on some of the more difficult nuclear security challenges facing the world today.
+ MSTS offers our full-time employees highly competitive salaries and benefits packages including medical, dental, and vision; both a pension and a 401k; paid time off and 96 hours of paid holidays; relocation (if located more than 75 miles from work location); tuition assistance and reimbursement; and more.
+ MSTS is a limited liability company consisting of Honeywell International Inc. (Honeywell), Jacobs Engineering Group Inc. (Jacobs), and HII Nuclear Inc.
**Responsibilities**
MSTS is seeking a highly experienced cybersecurity professional to implement and monitor security measures of the company's cloud infrastructure.
**Key Responsibilities**
+ Identify and analyze potential cloud-based threats, monitor cloud environments, and respond to security incidents.
+ Monitor intrusion detection/prevention systems (IDS/IPS), Security Event and Incident Management (SEIM) tools, endpoint security tools, email gateways, firewalls, network infrastructure, and other appliances for security issues.
+ Create logical and physical forensic images of digital evidence via the network or directly from hosts.
+ Analyze host-based indicators of compromise or network traffic and analyze additional log, forensic, malware, or other incident response related data as needed.
+ Participate as part of an incident response team to detect, respond to, contain, and remediate cyber-related threats against IT assets.
+ Seize digital evidence in support of investigations and conduct host-based and network-based forensic analysis of digital evidence.
+ Create detailed reports of investigative activity for consumption by internal and external organizations that include Human Resources, the Legal Department, Information Security Officers, and local, state, and federal law enforcement.
+ Conduct digital investigations involving breaches of Information Technology (IT) infrastructure, forensic investigations, legal and privacy issues requiring digital investigations, and network forensic investigations handling large scale, complex post-incident investigations, where techniques such as network forensics, malware reverse engineering, log analysis, timeline creation, and host-based forensics have been applied.
+ Apply a deep understanding of high-tech investigations and the skills, techniques, and tools necessary for conducting live forensics on critical systems, and produce detailed analysis of the root cause of any incident.
+ Conduct detailed analysis of systems where breaches of critical IT infrastructure may have occurred; provide root cause analysis, impact assessments, and rapid response to aid detection of those responsible; and make recommendations to help prevent similar incidents.
+ Conduct reverse engineering of malware and other suspicious code and report the findings.
+ Focus on projects of substantial complexity and broad scope, requiring interdisciplinary coordination.
+ Leverage practical experience to independently perform host-based forensic investigations to establish user activity on systems.
+ Independently plan, schedule, and direct projects that are guided by established objectives, budgets, and schedules.
+ Assist in researching, compiling, and analyzing technical data.
+ Be relied upon to multitask as required between responsibilities.
+ Review Cyber Security threat information and assist with mitigating vulnerabilities identified.
+ Develop standards, practices, and procedures as well as increase technical knowledge to solve problems and complete projects.
+ Contribute to an overall productive and respectful work environment by providing excellent customer service and working in a positive, collegial manner by maintaining cooperative and respectful working relationships with Cyber Security Staff, other divisions, and customers.
+ Perform related duties as assigned.
**Qualifications**
+ Bachelor's degree or equivalent training and experience in a computer-related field and at least 8 years of related experience.
+ Ability to conduct investigations on multiple cloud platforms (SaaS, PaaS, IaaS).
+ Strong knowledge of Azure, AWS, and Oracle OCI.
+ Ability to configure, use, and tune cloud-native security tools such as CNAPP, CSPM, and CASB.
+ Demonstrate a thorough understanding of advanced principles, theories, standards, practices, protocols, forensic hardware and software, and procedures used in Digital Forensics/Incident Response.
+ Understanding of the Windows Operating System and command line tools, network protocols, and TCP/IP fundamentals.
+ Understanding of the Mac Operating System and command line tools.
+ Understanding of the *Nix Operating System and Command line tools.
+ Ability to conduct forensic analysis of mobile devices including Android, iOS, Blackberry, and other cellular and tablet devices.
+ Understanding of file system forensics including HFS, NTFS, FAT, EXT, and CDFS.
+ Ability to conduct forensic analysis of Windows XP, Vista, 7, 8, 10, and 11 file systems, macOS, and various *Nix platforms.
+ Knowledge of Cyber Security vulnerabilities, mitigation strategies, network architecture, and how to apply security controls.
+ Ability to articulate highly technical processes and information to a non-technical audience.
+ Ability to render credible testimony in a court of law.
+ Experience with working with a broad variety of computer forensic hardware and software (preferably familiar with EnCase, FTK, and other forensic suites) and incident investigation tools and techniques.
+ Ability to investigate large-scale data compromise events to mitigate their risk, and to investigate insider threats and incidents.
+ Knowledge of computer forensic best practices and industry standard methodologies for responding to network threats.
+ Ability to conduct online investigations and gather intelligence.
+ Ability to understand policies, procedures, laws, regulations, and other directives.
+ Ability to maintain strict confidentiality.
+ Ability to communicate effectively in English, both verbally and in writing, sufficient enough to communicate with co-workers, customers, and write clear and concise reports.
+ Ability to use multiple electronic devices including standard office machines, cellular phones, and security appliances.
+ Ability to meet physical requirements necessary to safely and effectively perform all assigned duties.
+ Ability to pass a federal background check and obtain a "Q" Clearance.
+ **Preferred additional qualifications:**
+ AccessData Certified Examiner (ACE)
+ Certified Forensic Computer Examiner (CFCE)
+ GIAC Certified Incident Handler (GCIH)
+ GIAC Certified Forensic Analyst (GCFA)
+ Certified Electronic Evidence Collection Specialist (CEECS)
+ GIAC Cloud Forensics Responder (GCFR)
+ GIAC Cloud Penetration Tester (GCPN)
+ GIAC Cloud Threat Detection (GCTD)
+ Certified Computer Examiner (CCE)
+ EnCase Certified Examiner (EnCE)
+ GIAC Security Essentials (GSEC)
+ Certified Information Systems Security Professional (CISSP)
+ The primary work location will be at the Losee Road facility in North Las Vegas, Nevada. Work at the Nevada National Security Site (located 65 miles northwest of Las Vegas, Nevada) may be required to support work.
+ Work schedule will be 4/10s Monday through Thursday (subject to change).
+ Pre-placement physical examination, which includes a drug screen, is required. MSTS maintains a substance abuse policy that includes random drug testing.
+ Must possess a valid driver's license.
MSTS is required by DOE directive to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications. Applicants offered employment with MSTS are also subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment. In addition, applicants for employment must be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship and a minimum age of 18. Reference DOE Order 472.2, "Personnel Security". If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted.
**Department of Energy Q Clearance** (position will be cleared to this level). Reviews and tests for the absence of any illegal drug as defined in 10 CFR Part 707.4, "Workplace Substance Abuse Programs at DOE Sites," will be conducted. The applicant selected will be subject to a federal background investigation, required to participate in subsequent reinvestigations, and must meet the eligibility requirements for access to classified matter. Successful completion of a counterintelligence evaluation, which may include a counterintelligence-scope polygraph examination, may also be required. Reference 10 CFR Part 709, "Counterintelligence Evaluation Program."
MSTS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability, veteran status or other characteristics protected by law. MSTS is a background screening, drug-free workplace.
Annual salary range for this position is: **$116,001.60 - $176,904.00**
Starting salary is determined based on the position market value, the individual candidate education and experience and internal equity.

Security Incident Response Analyst

22090 Reston, Virginia TechSur Solutions

Posted 21 days ago


Job Description

Job Title: Security Incident Response Analyst

Location: Reston, VA (TechSur HQ Office)

Salary: DOE + full benefits

Clearance: Active Public Trust (or ability to obtain)

Company Overview:

TechSur Solutions is a digital services company whose mission is to enable digital transformation for our customers improving quality and efficiency. Based in the DC metropolitan area, TechSur specializes in advanced cloud services, modernization for both IT structures and applications, leveraging Agile development, and Data Analytics. Since we were formed in August of 2016, we have supported multiple impactful and exciting government programs.

Job Overview

We are seeking a highly motivated Security Incident Response Analyst to monitor, analyze, and respond to cybersecurity incidents. The ideal candidate will work to detect, investigate, and contain security threats. This role involves real-time monitoring, forensic analysis, and collaboration with IT teams to strengthen the organization's cybersecurity posture.

Job Responsibilities
• Continuously monitor security alerts from SIEM (Security Information and Event Management) tools (Splunk, QRadar, ArcSight, etc.).
• Analyze logs from firewalls, IDS/IPS, endpoint security tools, and cloud security platforms.
• Detect, investigate, and escalate security incidents in real time.
• Analyze security threats, contain compromised assets, and initiate response actions.
• Conduct digital forensics and malware analysis to determine root causes.
• Work closely with IT teams to implement remediation measures, such as patching, access controls, and security hardening.
• Develop incident playbooks and response plans for various attack scenarios.
• Document security incidents, investigation steps, and remediation actions.
• Provide detailed incident reports and root cause analysis for leadership.
• Conduct post-incident reviews to identify security gaps and improve response strategies.

Required Skills/Work Experience
• 8+ years of experience
• Design, develop, engineer, and implement solutions to MLS requirements.
• Perform complex risk analyses which also include risk assessment.
• Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
• Support customers at the highest levels in the development and implementation of doctrine and policies.
• Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
• Perform analysis, design, and development of security features for system architectures.

Education
• Bachelor's degree in computer science, information science, or related field


Security Incident Response Analyst

60103 Bartlett, Illinois Radware

Posted 21 days ago


Job Description

Radware is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers.

At Radware, we live and breathe cybersecurity. It is our passion. Each day, our international team works to earn the trust of more than 12,500 organizations around the globe. Keeping them safe is our mission. To that end, we go head-to-head with politically motivated hacktivists, dangerous nation-state threat actors and other notorious cyber attackers: these are not your average adversaries. Backed by nearly 30 years of experience, Radware is best known for its technical excellence and innovative network and application security solutions. That is why it is so important that we build our team with bold and bright talent.

What is the job:

The Radware Emergency Response Team (ERT) is located around the world and operates globally, providing 24/7/365 support coverage and attack mitigation.
Radware ERT includes experts in network threats, application security and denial-of-service attacks, with the hands-on experience and skills to detect and mitigate attacks in real time, assist customers, and operate Radware's security solutions.

The Senior Security Analyst will run complex security analysis against real Layer 3 to Layer 7 attack vectors using various tools, technologies and techniques; assess and respond to application security threats and low-level networking threats; provide security support and guidance to customers during strategic projects and security events; and support and guide lower security tiers while collaborating with peers and stakeholders worldwide.

What will you do?

  • Hands-on analysis and research of Layer3 - Layer7 attack vectors in the area of network threats.
  • Investigating complex security events, gathering and assessing data from multiple sources, and providing a clear statement of conclusions.
  • Analyzing PCAPs, logs, forensics and artifacts and using various mitigation devices.
  • Using investigation tools & data sources such as Wireshark, Kibana, Grafana, BigQuery, and much more.
  • Using SQL and different dialects to query large datasets containing HTTP transactions, security logs, network captures, etc.
  • Developing and maintaining scripts & automations to accelerate recurring tasks and projects.
  • Reviewing & assessing security policies of customers and providing insights and reports.
  • Supporting and guiding customers during SaaS onboarding projects and security architecture meetings.
  • Leading & supporting the teams as part of the IR during security incidents and escalations.
  • As a senior member, acting as a trainer in security & cloud training for junior members.
  • Collaborating with global peers & stakeholders.
  • The position requires rotational Friday morning shifts.


Security Analyst

Missouri, Missouri Caleres

Posted today


Job Description

Join Caleres, Inc. as a Security Analyst and be part of a global footwear company with a rich history and a dynamic team. At Caleres, we are committed to inspiring people to feel great, one step at a time. With renowned brands like Famous Footwear and Sam Edelman, this is your chance to shape the future of our beloved company!

As a Security Analyst, you will play a vital role in ensuring the safety of our digital environment. If you have a passion for security and a keen eye for detail, this position is perfect for you!

Key Responsibilities:

  • Monitor the performance and availability of security services, providing informed recommendations on security tools, software, and services.
  • Conduct ongoing investigations to analyze information security alarms and events, assessing vulnerabilities and their potential impact.
  • Implement structured risk assessment processes, regularly assessing threats and vulnerabilities, and evaluating controls to mitigate risks.
  • Participate in architecture reviews to ensure compliance with information security standards.
  • Develop comprehensive plans to prevent, detect, and respond to information security incidents.
  • Create and deliver engaging training programs focused on information security and privacy to enhance awareness.

Perks of Joining Our Team:

  • Enjoy a 30% Associate Discount across Famous Footwear and Caleres brands to find your perfect fit!
  • Receive benefits starting on your first day, including 401k, health benefits, and PTO.
  • Access your earnings before payday with our convenient payment options.
  • Benefit from 24/7 mental wellness support through CompPsych EAP.
  • Enjoy a relaxed dress code that promotes your authentic style.
  • Take advantage of our onsite gym, Starbucks, and Grab and Go Market with convenient parking in downtown Clayton, MO.

Qualifications:

  • Bachelor's degree in Information Systems or related field with 3 years of experience; or 5+ years in IT Security or a related area.
  • Strong collaboration and communication skills with a proactive approach to processes and procedures.
  • Hands-on technical experience with Next-gen firewall solutions, endpoint security, SIEM tools, vulnerability scanners, and certificate management.

At Caleres, we embrace diversity and are committed to creating an inclusive workplace. We regularly review our compensation packages to ensure they reflect our commitment to fairness.

If you have been approached for personal data or money during the recruitment process, please report this to the appropriate channels. Legitimate Caleres contacts will use @caleres.com email addresses only.


Security Analyst

53024 Grafton, Wisconsin Regal Rexnord

Posted today


Job Description

Candidates must be eligible to work in the United States without requiring company sponsorship to obtain or keep U.S. work authorization.

Job Description

We are seeking a highly skilled and motivated Senior Security Analyst to join our team. This individual will work as part of a team that is responsible for the design, standardization, automation, implementation, and support of all facets of the Information Security Program, including e-mail, identity, endpoint, server, network, and mobile device security, and for automating detection and response capabilities. This role requires strong technical expertise to collaborate with IT infrastructure teams and will be responsible for managing various security projects, including data classification and retention projects.

Key Responsibilities

  • Identity and Access Management
    • Manage identity and access management (IAM) initiatives, including zero trust and conditional access.
    • Ensure secure and efficient access to systems and data by enforcing strong authentication mechanisms.
    • Regularly review and audit access controls to identify and address potential risks and opportunities for improvement.
    • Maintain up-to-date knowledge of emerging IAM technologies and best practices.
  • Privilege Access Management
    • Design, implement, and manage privilege access management (PAM) solutions to control and monitor access to sensitive systems and data.
    • Ensure adherence to the principle of least privilege.
    • Regularly review and audit access controls to identify and address potential risks.
  • Automating Detection and Response
    • Leverage M365 E5 security features to enhance the organization's security posture.
    • Develop and automate detection and response capabilities to quickly identify and mitigate security incidents.
    • Conduct regular assessments and audits to ensure and improve the effectiveness of security measures.
    • Collaborate with internal and external auditors to address security gaps.
  • Other responsibilities
    • Proven ability to work as part of a team and communicate ideas, suggestions, and solutions that drive continuous improvement to meet the organization's long-term objectives.
    • Understanding of Active Directory/Entra and best practices
    • Ability to build tools and scripts to perform real-time security health assessments against Company standards and measure improvement.
    • Understanding of secure development best practices
    • Work with the team to evaluate and improve the effectiveness of security tools.
    • Experience with security infrastructure encompassing endpoint, server, and network
    • Incident response management experience
    • Ability to utilize previous experience around Information Security technologies and identify areas for process and operational improvements.
    • Ability to interface with appropriate leaders and team members across the organization to identify and develop security procedures to support business needs.
    • Demonstrated ownership around individual and team-initiated projects, as well as the long-term maintenance of those projects.


Qualifications
  • Bachelor's Degree in MIS, Computer Science preferred (or related field).
  • Working knowledge of EDR, SIEM, Edge Management, and identity management tools
  • Scripting experience, PowerShell or .NET (VB or C#)
  • 5+ years of experience in IT security, IT Audit or related field.
  • CISSP, CISM and/or other relevant certifications preferred.
  • Strong problem-solving skills.
  • Strong communication skills
Benefits
  • Medical, Dental, Vision and Prescription Drug Coverage
  • Spending accounts (HSA, Health Care FSA and Dependent Care FSA)
  • Paid Time Off and Holidays
  • 401k Retirement Plan with Matching Employer Contributions
  • Life and Accidental Death & Dismemberment (AD&D) Insurance
  • Paid Leaves
  • Tuition Assistance

About Regal Rexnord

Regal Rexnord is a publicly held global industrial manufacturer with 30,000 associates around the world who help create a better tomorrow by providing sustainable solutions that power, transmit and control motion. The Company's electric motors and air moving subsystems provide the power to create motion. A portfolio of highly engineered power transmission components and subsystems efficiently transmits motion to power industrial applications. The Company's automation offering, comprised of controls, actuators, drives, and precision motors, controls motion in applications ranging from factory automation to precision control in surgical tools.

The Company's end markets benefit from meaningful secular demand tailwinds, and include factory automation, food & beverage, aerospace, medical, data center, warehouse, alternative energy, residential and commercial buildings, general industrial, construction, metals and mining, and agriculture.

Regal Rexnord is comprised of three operating segments: Industrial Powertrain Solutions, Power Efficiency Solutions, and Automation & Motion Control. Regal Rexnord has offices and manufacturing, sales and service facilities worldwide. For more information, including a copy of our Sustainability Report, visit RegalRexnord.com.

Equal Employment Opportunity Statement

Regal Rexnord is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex/gender, sexual orientation, gender identity, pregnancy, age, ancestry, national origin, genetic information, marital status, citizenship status (unless required by the applicable law or government contract), disability or protected veteran status or any other status or characteristic protected by law. Regal Rexnord is committed to a diverse and inclusive workforce. We are committed to building a team that represents diverse and inclusive backgrounds, perspectives, and skills. If you'd like to view a copy of the company's affirmative action plan for protected veterans/individuals with disabilities or policy statement, please email If you have a disability and you believe you need a reasonable accommodation in order to search for a job opening or to submit an online application, please e-mail

Equal Employment Opportunity Posters

Notification to Agencies : Please note that Regal Rexnord Corporation and its affiliates and subsidiaries ("Regal Rexnord") do not accept unsolicited resumes or calls from third-party recruiters or employment agencies. In the absence of a signed Master Service Agreement or similar contract and approval from HR to submit resumes for a specific requisition, Regal Rexnord will not consider or approve payment to any third-parties for hires made.

Security Analyst

89105 North Las Vegas, Nevada American Homes 4 Rent

Posted 1 day ago


Job Description

Since 2012, we've grown to become one of the leading single-family rental companies and homebuilders in the country, recently recognized as a top employer by Fortune and Great Place To Work®. At AMH, our goal is to simplify the experience of leasing a home through professional management and maintenance support, so our residents can focus on what really matters to them, wherever they are in life.

The Security Analyst is responsible for monitoring, investigating, and responding to day-to-day security alerts, incidents, and issues. This includes alert management, log searches, issue investigation, handling of escalations received from Security Specialists, and effective coordination and collaboration with other IT teams.

Responsibilities:

  • Respond to and investigate day-to-day security alerts, incidents, and issues.
  • Coordinate and oversee the remediation of threat hunt detections through data sources and tools (e.g., proactively searching for potential threats within the organization's network or systems).
  • Respond to escalated issues received from Security Specialists (e.g., received via phone call, email, etc.).
  • Document new and current standard security procedures and processes, and ensure the documentation is up to date and accessible to the team.
Requirements:
  • Bachelor's degree in Computer Science, Information Technology, or Information Security from four-year college or university preferred or an equivalent combination of education and experience
  • Minimum of one (1) year of experience in IT Security
  • Experience in responding to security alerts and incidents
  • Entry-level security certification such as Security+ preferred
  • Basic knowledge of networking/web, phishing/cyberattacks, and incident response. Security+ certification and other security-related certifications are preferred.
  • Strong time and ticket management skills
  • May occasionally work evenings or weekends as this position is part of an on-call rotation.


Compensation
The anticipated pay range/scale for this position is $65,499.00 to $79,392.00 Annually. Actual starting base pay within this range will depend on factors including geographic location, education, training, skills, and relevant experience.

Additional Compensation
This position is eligible to receive a discretionary annual bonus.

Perks and Benefits

Employees have the opportunity to participate in medical, dental and vision insurance; flexible spending accounts and/or health savings accounts; dependent savings accounts; 401(k) with company matching contributions; employee stock purchase plan; and a tuition reimbursement program. The Company provides 9 paid holidays per year, and, upon hire, new employees will accrue paid time off (PTO) at a rate of 0.0577 hours of PTO per hour worked, up to a maximum of 120 hours per year.

CA Privacy Notice: To learn more about what information we collect when you apply for a job, and how we use that information, please see our CA Job Applicant Privacy Notice found at