CrowdStrike

Incident Response Analyst

full-time

Posted on:

Location Type: Remote

Location: California; District of Columbia; United States

About the role

  • Take ownership of security incidents detected by CSIRT, identify and recommend improvements to enhance workflows, tools, and response effectiveness.
  • Participate in escalated incidents by gathering and analyzing evidence from logs, endpoint telemetry, and threat-intel sources; perform and adapt investigative or containment actions from playbooks (such as host isolation or phishing email removal) and confirm remediation.
  • Conduct in-depth research on incident response related topics that support team operations and improve investigative capabilities.
  • Maintain clear documentation of investigative steps, evidence, decisions, and project progress to support transparency and knowledge sharing.
  • Identify gaps in detection coverage, workflows, or tooling, and collaborate on new detection logic, playbook refinements, and automation opportunities.
  • Contribute to the creation and maintenance of runbooks, knowledge articles, and other deliverables that strengthen CSIRT’s incident response capabilities.

Requirements

  • Demonstrated experience performing incident response from escalation through resolution, leveraging multiple data sources and coordinating with cross-functional teams.
  • Proficiency with EDR platforms (e.g., Falcon), SIEM/SOAR technologies, and network forensics tools (e.g., Zeek, Suricata, Wireshark) to support deep investigations.
  • Advanced investigative skills, including host- and network-level log analysis, endpoint telemetry review, and use of threat intelligence to determine scope and impact.
  • Strong knowledge of Windows, macOS, and Linux internals, as well as digital forensics techniques for memory, disk, and network artifact analysis.
  • Proven ability to conduct in-depth research on topics that support team operations and improve investigative capabilities, and to translate findings into actionable outcomes.
  • Solid understanding of network protocols (HTTP/S, DNS, SMTP, SMB, Kerberos) and the ability to analyze packet captures.
  • Strong written and verbal communication skills, with the ability to present investigative findings and recommendations to both technical and non-technical stakeholders.
  • Experience conducting cloud-focused incident response in AWS, Azure, or GCP environments.
  • Ability to design and deliver scenario-based training to enhance investigative skills and operational readiness.

Benefits

  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees regardless of level or role
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
incident response, log analysis, endpoint telemetry, digital forensics, network forensics, threat intelligence, network protocol analysis, cloud incident response, scenario-based training, automation
Soft Skills
communication, collaboration, research, documentation, problem-solving, translating findings, ownership, adaptability, transparency, knowledge sharing