Job Specifications
San antonio, TX
16 days ago
Mid Level
Last Jobs You Viewed
Senior Incident Response Analyst
Peak Performers has partnered with a Texas State Agency to assist in their search for a hybrid Sr. Incident Response Analyst in either Austin, TX or San Antonio, TX.
Major duties
- Perform advanced incident response across Windows and Linux environments, including triage, containment, eradication, and recovery.
- Conduct host-based forensics, including log analysis, memory capture, file system review, and malware behavior analysis.
- Serve as Incident Commander during cybersecurity events, coordinating actions, documenting decisions, and communicating with leadership and affected agencies.
- Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings to MITRE ATT&CK.
- Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring tools.
- Produce incident reports, timelines, and executive summaries for statewide stakeholders.
- Support multi-agency response operations, including SLTT partners and critical infrastructure entities.
- Provide recommendations for detection improvements, hardening, and long-term mitigation.
- Participate in post-incident reviews, lessons learned, and playbook updates.
- Maintain readiness for 24x7 response through on-call rotation or surge support.
What are we looking for?
- 5 years of experience performing advanced host-based forensics across Windows and Linux, including memory, disk, and malware analysis, using telemetry from NetWitness, Gravwell, Google SecOps, and Corelight.
- 5 years of experience correlating host, network, and intelligence data from CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and NetWitness to build complete incident timelines.
- 5 years of experience producing incident reports and executive summaries using evidence from Gravwell, NetWitness, Corelight, and case management workflows.
- 4 years of experience applying adversary TTPs, intrusion kill chains, and threat hunting methods using packet-level and log-level data from Corelight, NetWitness, and CRIBL pipelines.
- 3 years of experience serving as an Incident Commander.
- 1 year of experience supporting SLTT or critical infrastructure environments, including multi-tenant IR operations and cross-agency coordination.
- 5 years of experience using threat intelligence platforms such as Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant to enrich investigations and map activity to MITRE ATT&CK.
- 5 years of hands-on experience using Cyware CSAP for incident orchestration, automated enrichment, case creation, and workflow execution across SIEM, IPS, EDR, and ticketing systems.
- 4 years of experience with security certifications such as CISSP, CIH, or Security+.
Exciting Opportunity Details
Rate: $89.00/hour
W2 Contract
Worksite Location: Candidate can be located in either Austin or San Antonio
Hybrid
Contract Length: 1 year
The Peak Performers difference
Excellent medical health, dental & vision insurance at 60 days
Our employees may choose to participate in a 403(b) retirement plan
Qualified applicants with chronic medical conditions and/or disabilities receive priority placement
We pay weekly through direct deposit
In business since 1994 and thousands of job placements
All employment offers are contingent on the successful completion of a pre-employment criminal background check, in compliance with all applicable federal and state laws.
Applicants for employment with Peak Performers must possess work authorization that does not require sponsorship for a visa now or in the future.
Peak Performers is an equal opportunity employer and will consider all applicants without regard to race, marital status, sex, age, color, religion, national origin, veteran status, disability or any other characteristic protected by law. Peak Performers does not accept unsolicited resumes from headhunters, recruitment agencies or fee-based recruitment services.
#LI-Hybrid