Crowdstrike

Incident Response Analyst (Remote, ROU)

Romania

Not SpecifiedCompensation
Junior (1 to 2 years)Experience Level
Full TimeJob Type
UnknownVisa
CybersecurityIndustries

Position Overview

  • Location Type:
  • Job Type: Full time
  • Salary:

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

CrowdStrike is looking for a highly motivated, self-driven Incident Response Analyst to support the incident-response lifecycle—serving as the first line of defense within the CSIRT. In this role, you’ll triage incoming detections, enrich and investigate alerts, and take rapid action—live response, containment, or escalation—to keep adversaries at bay. You’ll work shoulder-to-shoulder with seasoned Incident Responders to drive continuous improvement across our world-class security team.

Are you interested in putting your hands-on technical skills to the test in detecting, containing, and remediating incidents? Are you self-motivated and looking for an opportunity to rapidly accelerate your skills? Are you ready to dive into logs, endpoint telemetry, and more to uncover the scope and severity of an event? Do you enjoy working around like-minded security professionals in a world class team who you can both learn from and mentor on a daily basis? Are you looking for a role where the detections you fine-tune today will block tomorrow’s attacks? Do you enjoy collaborating with a diverse, high-performing team and explaining technical risk to stakeholders who depend on your insights?

Responsibilities

  • Provide continuous coverage for SIEM/SOAR, EDR, network, cloud, and email-security consoles; rapidly validate alerts, enrich with context, suppress false positives, and act on confirmed threats.
  • Gather evidence from logs, host telemetry, and threat-intel feeds to determine scope, severity, and business impact.
  • Execute pre-approved playbook actions (host isolation, account disablement, phishing-email purge, firewall block, etc.) and confirm containment success.
  • Escalate high-severity or complex incidents to senior analysts/IR leadership, providing concise incident summaries and proposed mitigation steps while staying engaged through resolution.
  • Consistently meet or exceed response-time targets for critical and high-urgency tickets.
  • Record investigative steps, evidence, and decisions in the ticketing system; deliver clear shift-handoff notes to support 24x7 operations.
  • Identify noisy rules, false-positive trends, blind spots, or missing log sources; collaborate on custom detections and log-source onboarding to improve alert fidelity.
  • Participate in the refinement of existing runbooks, draft new ones, and champion automation opportunities that reduce analyst toil.

Requirements

  • 1–3 years of hands-on SOC experience performing alert triage, incident handling, and first-responder containment while working daily with SIEM/SOAR, EDR, IDS/IPS, firewalls/proxies, email-security tools, and deep log analysis.
  • Practical knowledge of Windows, macOS, and Linux internals and logging (Event Logs, Sysmon, auditd, etc.).
  • Solid grasp of TCP/IP, OSI layers, and common protocols (HTTP/S, DNS, SMTP); able to interpret packet captures and network logs.
  • Proficiency with search/query languages (LQL, SPL, KQL, SQL etc.) to enrich alerts and investigate indicators, mapping findings to MITRE ATT&CK techniques.
  • Demonstrated experience responding

Skills

Incident Response
Alert Investigation
Live Response
Containment
Escalation
Log Analysis
Endpoint Telemetry
Security Operations
Threat Detection
Malware Analysis

Crowdstrike

Cloud-native endpoint security solutions provider

About Crowdstrike

CrowdStrike specializes in cybersecurity, focusing on protecting businesses from cyber threats through cloud-native endpoint security solutions. Their main product, the Falcon platform, includes services like Falcon Pro, which replaces traditional antivirus with next-generation antivirus that integrates threat intelligence, Falcon Insight for endpoint detection and response, and Falcon Device Control to manage connected devices. Unlike many competitors, CrowdStrike's services are subscription-based, allowing clients to choose different levels of protection based on their needs. The company serves a diverse clientele, including many Fortune 100 companies, and is recognized as a leader in the cybersecurity field, known for its effectiveness in threat detection and response.

Austin, TexasHeadquarters
2011Year Founded
$468MTotal Funding
IPOCompany Stage
Enterprise Software, CybersecurityIndustries
5,001-10,000Employees

Benefits

Competitive Employee Stock Purchase Plan
Remote-friendly culture
Market leader in compensation and equity awards
Competitive vacation and flexible working arrangements
Comprehensive health benefits + 401k plan
Paid Parental Leave, including adoption
Wellness programs
Professional development and mentorship opportunities
Open offices have stocked kitchens, coffee, soda and treats

Risks

Increased competition from companies like Lumos could challenge CrowdStrike's market share.
Recovery from last year's outage may still affect customer trust and future sales.
Pressure to demonstrate ROI by 2025 could challenge CrowdStrike's financial transparency.

Differentiation

CrowdStrike's Falcon platform offers cloud-native endpoint security solutions, a key differentiator.
The company serves 44 of the Fortune 100, showcasing its strong market presence.
CrowdStrike's proactive threat hunting sets it apart in cybersecurity threat detection.

Upsides

Partnership with SonicWall opens new SMB market segment for CrowdStrike.
Recognition as a leader in ransomware prevention boosts CrowdStrike's market credibility.
Gamified learning initiatives help address cybersecurity skills gap, benefiting future talent pipeline.

Land your dream remote job 3x faster with AI