Incident Response Analyst (Remote, ROU)

Position Overview

• Location Type:
• Job Type: Full time
• Salary:

CrowdStrike is a global leader in cybersecurity, protecting people, processes, and technologies that drive modern organizations. Our mission is to stop breaches, and we have redefined modern security with the world’s most advanced AI-native platform. We are a mission-driven company that cultivates a culture of flexibility and autonomy, empowering every CrowdStriker to own their careers. We seek talented individuals with passion, innovation, and a commitment to our customers, community, and each other.

About the Role

CrowdStrike is seeking a highly motivated Incident Response Analyst to support the incident-response lifecycle as the first line of defense within the CSIRT. This role involves triaging incoming detections, enriching and investigating alerts, and taking rapid action (live response, containment, or escalation) to counter adversaries. You will collaborate with experienced Incident Responders to enhance our security team.

Are you interested in:

• Applying hands-on technical skills to detect, contain, and remediate incidents?
• Accelerating your skills in a self-motivated environment?
• Diving into logs, endpoint telemetry, and more to determine the scope and severity of events?
• Working with like-minded security professionals in a world-class team for learning and mentorship?
• Fine-tuning detections that will block future attacks?
• Collaborating with a diverse, high-performing team and communicating technical risks to stakeholders?

Responsibilities

• Provide continuous coverage for SIEM/SOAR, EDR, network, cloud, and email-security consoles; rapidly validate alerts, enrich with context, suppress false positives, and act on confirmed threats.
• Gather evidence from logs, host telemetry, and threat-intelligence feeds to determine scope, severity, and business impact.
• Execute pre-approved playbook actions (host isolation, account disablement, phishing-email purge, firewall block, etc.) and confirm containment success.
• Escalate high-severity or complex incidents to senior analysts/IR leadership, providing concise incident summaries and proposed mitigation steps, while remaining engaged through resolution.
• Consistently meet or exceed response-time targets for critical and high-urgency tickets.
• Record investigative steps, evidence, and decisions in the ticketing system; deliver clear shift-handoff notes to support 24x7 operations.
• Identify noisy rules, false-positive trends, blind spots, or missing log sources; collaborate on custom detections and log-source onboarding to improve alert fidelity.
• Participate in the refinement of existing runbooks, draft new ones, and champion automation opportunities that reduce analyst toil.

Requirements

• 1–3 years of hands-on SOC experience performing alert triage, incident handling, and first-responder containment.
• Daily experience with SIEM/SOAR, EDR, IDS/IPS, firewalls/proxies, email-security tools, and deep log analysis.
• Practical knowledge of Windows, macOS, and Linux internals and logging (Event Logs, Sysmon, auditd, etc.).
• Solid grasp of TCP/IP, OSI layers, and common protocols (HTTP/S, DNS, SMTP); ability to interpret packet captures and network logs.
• Proficiency with search/query languages (LQL, SPL, KQL, SQL, etc.) for alert enrichment and indicator investigation, mapping findings to MITRE ATT&CK techniques.
• Demonstrated experience responding to h