[Remote] Incident Response Analyst (Remote)
Note: The job is a remote job and is open to candidates in USA. CrowdStrike is a global leader in cybersecurity, dedicated to stopping breaches with their advanced AI-native platform. The Incident Response Analyst will support the incident-response lifecycle, participate in complex initiatives, and conduct in-depth investigations to identify and respond to security threats across the organization.
Responsibilities
- Take ownership of security incidents detected by CSIRT, identify and recommend improvements to enhance workflows, tools, and response effectiveness
- Participate in escalated incidents by gathering and analyzing evidence from logs, endpoint telemetry, and threat-intel sources; perform and adapt investigative or containment actions from playbooks—such as host isolation, phishing email removal —and confirm remediation
- Conduct in-depth research on incident response related topics that support team operations and improve investigative capabilities
- Maintain clear documentation of investigative steps, evidence, decisions, and project progress to support transparency and knowledge sharing
- Identify gaps in detection coverage, workflows, or tooling, and collaborate on new detection logic, playbook refinements, and automation opportunities
- Contribute to the creation and maintenance of runbooks, knowledge articles, and other deliverables that strengthen CSIRT’s incident response capabilities Skills
- Demonstrated experience performing incident response from escalation through resolution, leveraging multiple data sources and coordinating with cross-functional teams
- Proficiency with EDR platforms (e.g., Falcon), SIEM/SOAR technologies, and network forensics tools (e.g., Zeek, Suricata, Wireshark) to support deep investigations
- Advanced investigative skills, including host- and network-level log analysis, endpoint telemetry review, and use of threat intelligence to determine scope and impact
- Strong knowledge of Windows, macOS, and Linux internals, as well as digital forensics techniques for memory, disk, and network artifact analysis
- Proven ability to conduct in-depth research on topics that support team operations and improve investigative capabilities, and to translate findings into actionable outcomes
- Solid understanding of network protocols (HTTP/S, DNS, SMTP, SMB, Kerberos) and the ability to analyze packet captures
- Strong written and verbal communication skills, with the ability to present investigative findings and recommendations to both technical and non-technical stakeholders
- Experience conducting cloud-focused incident response in AWS, Azure, or GCP environments
- Ability to design and deliver scenario-based training to enhance investigative skills and operational readiness
- Advanced scripting or development experience (Python, PowerShell, Bash, or Perl) to create custom investigative tooling, automate complex data analysis, or integrate new data sources into investigative workflows
- Expertise as a SIEM power user, capable of executing advanced, investigation-driven searches, building specialized dashboards, and developing or refining high-fidelity detections
- Proven track record of publishing threat research, presenting at security conferences, or contributing to industry-wide knowledge sharing Benefits
- Market leader in compensation and equity awards
- Comprehensive physical and mental wellness programs
- Competitive vacation and holidays for recharge
- Paid parental and adoption leaves
- Professional development opportunities for all employees regardless of level or role
- Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
- Vibrant office culture with world class amenities
- Great Place to Work Certified™ across the globe Company Overview
- CrowdStrike is a cybersecurity technology firm that provides cloud-delivered protection for cloud workloads, identity, and data. It was founded in 2011, and is headquartered in Sunnyvale, California, USA, with a workforce of 5001-10000 employees. Its website is Apply tot his job Apply tot his job Apply tot his job
Apply tot his job Apply To this Job