Incident Response Consultant, L1
Plano, Texas, United States of America
Full Time
2 weeks ago
H1B Sponsor
Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformLinuxPythonSplunkTCP/IPPowerShellAILLMGCPGoogle CloudGitGitHubVersion ControlCommunicationRemote Work
About this role
Role Overview
- Provide security consultation and incident response services to our managed security customers.
- Consult with customers on security events, providing analysis and recommendations for response actions tailored to their environment.
- Analyze security data across SIEM, EDR, and cloud platforms to identify threats and advise on appropriate countermeasures.
- Provide guidance to customers through the incident response lifecycle based on NIST 800-53 and SANS best practices.
- Investigate potential compromises and recommend remediation strategies appropriate to customer risk tolerance and business requirements.
- Advise customers on security best practices, control improvements, and risk mitigation approaches.
- Analyze emerging threats and vulnerabilities; provide recommendations on defensive measures.
- Document findings, recommendations, and consultation outcomes for customer delivery.
- Collaborate with senior consultants on complex engagements and escalate as appropriate.
Requirements
- 1-3 years of experience in security operations, incident response, or security consulting
- Prior SOC analyst or IR experience preferred
- Required certifications within 12 months: Microsoft Azure Security Technologies (AZ-500), Microsoft Security Operations Analyst (SC-200), Microsoft Identity and Access Administrator (SC-300)
- Certifications preferred: Security+, CySA+, CEH
- Associate’s or Bachelor’s Degree in Information Technology, Cybersecurity, or related field preferred.
- Linux and Windows Server administration fundamentals
- Familiarity with cloud platforms (Azure, AWS, GCP) and their security services
- Working knowledge of security tools: EDR, SIEM (Sentinel, Splunk, etc.), SOAR, and threat intelligence platforms
- Understanding of networking fundamentals, TCP/IP, and common attack techniques
- Ability to read and modify code (Python, PowerShell, KQL) for analysis and automation
- Working knowledge of git version control including branching, commits, and pull request workflows
- Proficiency with AI-assisted tools (Claude Code, GitHub Copilot, or equivalent) for accelerating security analysis and task automation
- Understanding of AI/LLM security risks including prompt injection, data leakage, and model limitations
- Ability to critically evaluate AI-generated outputs for accuracy and security implications
- Willingness to adopt agentic AI workflows and AI-augmented tooling as part of daily security operations
- Analytical mindset with ability to identify indicators of compromise and correlate events across data sources
- Strong communication skills with ability to convey technical concepts to diverse audiences
- Customer-focused with professional consulting demeanor.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
- Linux
- Python
- Splunk
- TCP/IP
Benefits
- Comprehensive Benefits Including Medical, Dental, And Vision Insurance
- Life And Disability Coverage
- Paid Time Off
- Professional Development Support
- 401(K) With Employer Matching Contributions
- Tuition Reimbursement
- Flexible Schedules And Remote Work Options