📍 Romania
🔍 Cybersecurity
🏢 Company: crowdstrikecareers
Qualifications:
- 1–3 years of hands-on SOC experience performing alert triage, incident handling, and first-responder containment while working daily with SIEM/SOAR, EDR, IDS/IPS, firewalls/proxies, email-security tools, and deep log analysis.
- Practical knowledge of Windows, macOS, and Linux internals and logging (Event Logs, Sysmon, auditd, etc.).
- Solid grasp of TCP/IP, OSI layers, and common protocols (HTTP/S, DNS, SMTP); able to interpret packet captures and network logs.
- Proficiency with search/query languages (LQL, SPL, KQL, SQL, etc.) to enrich alerts and investigate indicators, mapping findings to MITRE ATT&CK techniques.
- Demonstrated experience responding to hacktivist, cyber-crime, or APT activity—triage, containment, escalation, and thorough documentation.
- Capable of completing technical tasks independently, maintaining composure during incident response actions, and fostering a positive, collaborative work environment.
- Strong verbal and written communication, analytical problem-solving, time-management, and project-management skills; desire to grow and continuously improve both technical and soft skills.
Responsibilities:
- Provide continuous coverage for SIEM/SOAR, EDR, network, cloud, and email-security consoles; rapidly validate alerts, enrich with context, suppress false positives, and act on confirmed threats.
- Gather evidence from logs, host telemetry, and threat-intel feeds to determine scope, severity, and business impact.
- Execute pre-approved playbook actions (host isolation, account disablement, phishing-email purge, firewall block, etc.) and confirm containment success.
- Escalate high-severity or complex incidents to senior analysts/IR leadership, providing concise incident summaries and proposed mitigation steps while staying engaged through resolution.
- Consistently meet or exceed response-time targets for critical and high-urgency tickets.
- Record investigative steps, evidence, and decisions in the ticketing system; deliver clear shift-handoff notes to support 24x7 operations.
- Identify noisy rules, false-positive trends, blind spots, or missing log sources; collaborate on custom detections and log-source onboarding to improve alert fidelity.
- Participate in the refinement of existing runbooks, draft new ones, and champion automation opportunities that reduce analyst toil.
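As an added illustration of the alert-enrichment, false-positive suppression and ATT&CK-mapping work described in this posting (example code written for this page, not CrowdStrike's tooling or any product query language), the script below runs two detection rules over a handful of constructed Sysmon-style events, enriches each hit with a constructed asset inventory, applies a known-benign suppression list, and reports per-rule hit and suppression counts so a noisy rule stands out. The event fields, host names, users, rule logic, severity scheme and suppression entries are all assumptions invented for the demo; in a real SOC the same logic would be expressed in LQL/SPL/KQL against live telemetry.

```python
"""Added example (not part of the CrowdStrike posting): a minimal triage pass
over constructed Sysmon-style events with enrichment, suppression and
ATT&CK mapping. All data, hosts, users and rules are invented for the demo."""
import json
import re

# Constructed sample telemetry: Sysmon Event ID 1 (process creation) and
# Event ID 10 (process access), one JSON object per line. Raw string, so the
# doubled backslashes are JSON escapes that decode to single backslashes.
SAMPLE_EVENTS = r"""
{"EventID":1,"Computer":"WS-042","User":"corp\\jdoe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"EventID":1,"Computer":"WS-042","User":"corp\\jdoe","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c whoami"}
{"EventID":10,"Computer":"DC-01","SourceImage":"C:\\Program Files\\EDR\\sensor.exe","TargetImage":"C:\\Windows\\System32\\lsass.exe","GrantedAccess":"0x1010"}
{"EventID":10,"Computer":"WS-017","SourceImage":"C:\\Users\\Public\\dump.exe","TargetImage":"C:\\Windows\\System32\\lsass.exe","GrantedAccess":"0x1fffff"}
{"EventID":1,"Computer":"BUILD-03","User":"corp\\svc_build","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -enc ZABpAHIA"}
"""

# Constructed asset inventory used for enrichment (assumed CMDB lookup).
ASSET_CONTEXT = {
    "WS-042": {"owner": "jdoe", "tier": "workstation"},
    "WS-017": {"owner": "asmith", "tier": "workstation"},
    "DC-01": {"owner": "it-ops", "tier": "domain-controller"},
    "BUILD-03": {"owner": "ci-team", "tier": "build-server"},
}


def encoded_powershell(ev):
    """PowerShell launched with an -e/-ec/-enc/-EncodedCommand argument."""
    cmd = ev.get("CommandLine", "")
    return ev["EventID"] == 1 and re.search(
        r"powershell.*\s-(?:e|ec|enc|encodedcommand)\b", cmd, re.I) is not None


def lsass_access(ev):
    """Any process opening a handle to lsass.exe."""
    return ev["EventID"] == 10 and ev.get("TargetImage", "").lower().endswith("\\lsass.exe")


# Detection rules mapped to MITRE ATT&CK technique IDs.
RULES = [
    {"name": "Encoded PowerShell", "technique": "T1059.001", "match": encoded_powershell},
    {"name": "LSASS handle opened", "technique": "T1003.001", "match": lsass_access},
]


def is_known_benign(rule_name, ev):
    """Constructed suppression list; in practice this lives in a lookup table."""
    if rule_name == "LSASS handle opened" and ev.get("SourceImage", "").endswith("\\sensor.exe"):
        return True  # the EDR sensor legitimately opens LSASS
    if rule_name == "Encoded PowerShell" and ev.get("User") == "corp\\svc_build" \
            and ev.get("Computer") == "BUILD-03":
        return True  # documented build-pipeline usage
    return False


def severity(technique, tier):
    """Assumed scheme: credential access on a Tier-0 asset is always critical."""
    base = {"T1003.001": "high", "T1059.001": "medium"}[technique]
    return "critical" if tier == "domain-controller" else base


def triage(raw_lines):
    """Return one enriched finding per (event, matching rule) pair."""
    findings = []
    for line in raw_lines.strip().splitlines():
        ev = json.loads(line)
        for rule in RULES:
            if not rule["match"](ev):
                continue
            host = ev["Computer"]
            ctx = ASSET_CONTEXT.get(host, {"owner": "unknown", "tier": "unknown"})
            findings.append({
                "rule": rule["name"],
                "technique": rule["technique"],
                "host": host,
                "owner": ctx["owner"],
                "tier": ctx["tier"],
                "severity": severity(rule["technique"], ctx["tier"]),
                "suppressed": is_known_benign(rule["name"], ev),
            })
    return findings


def rule_stats(findings):
    """Hits vs. suppressed hits per rule: a high ratio flags a noisy rule."""
    stats = {}
    for f in findings:
        s = stats.setdefault(f["rule"], {"hits": 0, "suppressed": 0})
        s["hits"] += 1
        s["suppressed"] += int(f["suppressed"])
    for s in stats.values():
        s["fp_ratio"] = s["suppressed"] / s["hits"]
    return stats


if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for f in results:
        flag = "SUPPRESSED" if f["suppressed"] else f["severity"].upper()
        print(f"[{flag}] {f['rule']} ({f['technique']}) on {f['host']} "
              f"({f['tier']}, owner {f['owner']})")
    print(rule_stats(results))
```

Run as a script and the two actionable hits (encoded PowerShell on WS-042, LSASS access from dump.exe on WS-017) print with their severity, while the EDR sensor and the build-service hits print as suppressed; the closing stats line shows each rule at a 50% suppression ratio on this toy data, the kind of figure that would prompt a tuning ticket on a real rule.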
Skills: Python, SQL, Cybersecurity, Linux, Scripting
Posted 1 day ago