Incident Response Analyst

Deepwatch

Incident Response Analyst leading investigations against cyber threats at Deepwatch. Collaborating with teams to secure environments and support incident response efforts.

Posted 4/24/2026full-timeTampa • Florida • 🇺🇸 United StatesMid-LevelSenior💰 $127,000 - $140,000 per yearWebsite

About the role

Key responsibilities & impact

Lead end-to-end incident response engagements within customer environments, driving rapid investigation, containment, and remediation of active threats
Conduct deep-dive forensic and malware analysis to uncover adversary tactics, techniques, and procedures (TTPs), translating findings into actionable intelligence
Proactively hunt for advanced threats through hypothesis-driven threat hunting across diverse data sources and telemetry
Triage and validate suspicious activity using a combination of open-source intelligence (OSINT), proprietary intelligence, and behavioral analysis
Own the documentation of incidents, ensuring clear, defensible reporting and timeline reconstruction within case management systems
Identify and operationalize new adversary techniques, tools, and tradecraft—scaling knowledge across the team to strengthen collective defense
Maintain a constant pulse on the evolving threat landscape, applying emerging intelligence to real-world investigations
Surface visibility gaps in logging, telemetry, and detection coverage, and partner with stakeholders to enhance overall security posture
Collaborate cross-functionally to develop and refine detection content, response playbooks, and threat intelligence outputs
Serve as a trusted advisor to customers, confidently guiding them through the full incident response lifecycle—from initial compromise to full remediation and recovery

Requirements

What you’ll need

Proven, hands-on experience leading incident response investigations, with the ability to independently scope, analyze, and drive complex engagements to resolution
A track record of operating in high-volume, high-complexity environments (e.g., MDR, MSSP, consulting, or enterprise IR teams), with exposure to a wide range of real-world incidents and adversary scenarios
Deep expertise with Endpoint Detection & Response (EDR) platforms such as SentinelOne, Microsoft Defender, and CrowdStrike, including advanced querying, triage, and response actions
Strong command of incident response methodologies and frameworks (e.g., NIST, PICERL), with the ability to apply them dynamically in fast-moving, ambiguous situations
Experience leveraging SIEM, SOAR, case management, and threat intelligence platforms to investigate, correlate, and respond to threats at scale
A solid understanding of attacker methodologies, including common and emerging tactics, techniques, and procedures (TTPs), with the ability to map activity to frameworks such as MITRE ATT&CK
Exceptional communication skills, with experience presenting technical findings and strategic recommendations to both technical teams and executive stakeholders
The ability to operate as a trusted advisor during high-pressure incidents—bringing clarity, structure, and confidence to customer engagements

Benefits

Comp & perks

Medical, dental, vision, and disability insurance
Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
Unique professional development benefits with Annual “development dollars” to support our people growth and development
Wellness contests and monthly educational programs
401(K) retirement program

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

incident responseforensic analysismalware analysisthreat huntingbehavioral analysisEDR platformsSIEMSOARMITRE ATT&CKincident response methodologies

Soft Skills

communicationleadershipproblem-solvingcollaborationadvisory skillsstrategic thinkingclarity under pressuredocumentationpresentation skillsteamwork