Senior Incident Response Analyst

XOR Security is currently seeking a Senior Incident Response Analyst to support a large commercial financial entity's Cyber Security Operations Center (CSOC). The program provides comprehensive Computer Network Defense (CND) and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise. CSOC Analysts conduct security event monitoring, advanced analytics and response activities in support of the CND operational mission. To support this vital mission, XOR staff are at the forefront of providing advanced CND operations, including the development of advanced analytics and countermeasures to protect critical assets from various cyber threats. To ensure the integrity, security and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis and incident response. A strong work ethic, diligent time and attendance, and written and verbal communication skills are a must, along with the ability to work night shifts. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTPs, threat actors, campaigns and observables. Additionally, the ideal candidate will be familiar with intrusion detection systems, intrusion analysis, security information and event management (SIEM) platforms, endpoint threat detection tools, and security operations ticket management.

The Cybersecurity Operations Center is looking for a driven professional to help advance the program's strategic vision. You will also have the opportunity to work closely with the Focused Operations manager and lead the collaboration with other Information Security teams for adversary emulation and threat hunt operations.

Hours are flexible within the core office hours of 7:00 AM to 6:00 PM Eastern.

Responsibilities:
Maintain expert knowledge of advanced persistent threat tactics, techniques, and procedures (TTPs) as well as forensics and incident response practices

Identify and hunt for emerging threat activity across all internal/external sources

Lead development and implementation of test plans to perform adversary emulation in support of threat hunting

Conduct advanced analysis of network and endpoint alerts from various sources within the enterprise and determine possible causes of such alerts

Drive the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave

Lead coordination with intelligence analysts to correlate threat assessment data

Conduct advanced analysis of log files, evidence, and other information to determine best methods for detection of a network intrusion

Drive process to perform event correlation within the enterprise to identify security architecture gaps

Conduct advanced examination of network topologies to understand how data flows through the network

Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities

Lead process to perform tier 3 static malware analysis

Establish standards, taxonomy, and processes for threat hunt and detections

Perform other duties as assigned


Qualifications:
Advanced experience in cybersecurity and/or information technology (IT) security

Advanced knowledge of security architectures, firewalls, proxies, and network topology required

Advanced skill in developing and deploying signatures

Advanced skill in using security event correlation tools

Advanced skill in detecting host- and network-based intrusions via intrusion detection technologies (e.g., Snort)

Advanced skill in using virtual machines and setting up a malware analysis workstation

Outstanding communication skills for reporting complex technical situations to various audiences, including executive leadership and non-technical staff

Advanced research, analytical, and problem-solving skills

Advanced skill in working with all levels of management, supervisors, stakeholders and vendors

Expert skill in collaborating with other teams on time-sensitive incidents

Advanced skill in evaluating test plans for applicability and completeness

Advanced skill in deep analysis of captured malicious code (e.g., malware forensics)


Advanced skill in identifying gaps in technical capabilities

Advanced skill in using binary analysis tools

Advanced skill in relevant programming languages (e.g., C++, Python, etc.)

Advanced skill in testing and evaluating tools for implementation

Advanced experience with security tools related to enterprise log management, IDP/IDS, antivirus, firewalls, proxies, DLP, forensic analysis and SIEM

CISSP, CISA, CCSP or other related Information Security certifications

Advanced knowledge of IT security standards and frameworks (e.g., MITRE ATT&CK)

Advanced skill in analyzing audit log events for cloud technologies to facilitate development of cyber defense detections

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement: Applicants selected may be subject to a government security investigation and must meet eligibility requirements. US CITIZENSHIP REQUIRED.

Job Type: Full Time
