Description: Binary Defense (BD) is seeking a talented Cybersecurity Incident Response Analyst to join our Analysis on Demand (AoD) team. This role focuses on hands-on investigation of cybersecurity incidents, threat hunting, and forensic analysis across endpoint, network, and cloud environments. Position Overview • Serve as an Incident Response (IR) Analyst supporting the Analysis on Demand (AoD) team. • Drive client meetings to discuss incident scope, investigative findings, and response updates while producing clear and detailed technical reports. • Conduct incident triage and verification, determine scope of compromise, perform threat hunting, and provide containment and remediation recommendations to customers. • Serve as a primary responder and point of contact during incident response engagements, supporting forensic investigation, analysis, and resolution of security incidents. • Work directly with clients to perform investigations, forensically analyze systems, and identify attacker activity across enterprise environments. • Analyze compromised systems to determine attack vectors, persistence mechanisms, lateral movement, and attacker techniques. • Identify attacker tools, tactics, and procedures (TTPs) and understand evolving threat actor behaviors. • Follow industry incident response best practices for containment, eradication, and recovery. • This position focuses on hands-on investigation and incident response, not alert monitoring or tier-1 SOC duties. • Must be familiar with incident response best practices and procedures. • Must have Windows-based incident response and computer forensics experience. • Must be familiar with network analysis, memory analysis, and digital forensics investigations. • Must possess excellent verbal and written communication skills, including the ability to present findings and recommendations to technical teams and leadership. Responsibilities • Communicate and collaborate with internal and customer teams to investigate and contain incidents for escalated security events and investigations. • Perform technical cybersecurity investigations including root cause analysis, threat identification, and remediation guidance. • Conduct client-facing incident response engagements examining endpoint, network, and cloud-based sources of evidence. • Schedule and lead video calls with clients for collaboration, investigation updates, and response coordination. • Perform host-based forensic analysis including artifact analysis, memory analysis, log analysis, and timeline reconstruction. • Conduct enterprise-scale artifact collection and analysis to identify attacker activity, persistence mechanisms, and lateral movement across multiple systems. • Utilize Velociraptor artifacts and VQL (Velociraptor Query Language) to perform targeted endpoint investigations and collect forensic artifacts across enterprise environments. • Investigate attacker activity using endpoint telemetry, system artifacts, authentication logs, and network evidence to reconstruct attack timelines. • Analyze attacker behavior and intrusion activity to determine initial access, persistence mechanisms, privilege escalation, and lateral movement used during an incident. • Recognize attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) and apply them to current and future investigations. • Support development of detections, hunting queries, and investigative methodologies based on findings from incident response engagements. • Assist in creating and revising standard operating procedures, policies, processes, playbooks, and technical reports. • Develop and present comprehensive reports, trainings, and presentations for both technical and executive audiences. • Provide post-incident recommendations and security improvement guidance to strengthen detection capabilities and reduce future attack risk. • Maintain professional knowledge by attending conferences, reviewing publications, writing blog posts, or participating in industry events. • Stay current on emerging threats, countermeasures, and security technologies. • Write technical documents and investigative reports. • Operate effectively in a fast-paced and collaborative environment. • Work remotely, receive direction, and operate as a self-starter. Requirements: • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field, or equivalent practical experience. • Certification in one or more of the following preferred: GCIH, GCFE, GCFA, GREM, GNFA • Experience working within a Security Operations Center (SOC) or Incident Response team. • 3–5+ years of hands-on cybersecurity investigation experience, including host forensics, network forensics, threat hunting, or incident response. • Experience supporting incident response investigations including analysis, containment, and remediation actions. • Demonstrated experience investigating active security incidents or confirmed compromises, including determini