Lead Incident Response Analyst

Full Time
Colorado Springs, CO
Areas of Interest: Incident Response

The Lead Incident Response Analyst will manage the critical IT incident response efforts of the company to its clients and perform as a member of the IR team. This work includes both the development of the client’s IR preparedness capabilities and responding directly to critical incidents in a timely and professional fashion. Working together with the client’s IT administration the Lead IR Analyst will assist with the development of critical incident planning in the form of policy, procedures, plan testing, response planning, and training. The Lead IR Analyst will be responsible for providing trusted leadership and world-class service to the client during dynamic critical incidents. 


  • Craft IR preparedness doctrine for clients adhering to industry standards, best practices, and regulatory requirements.
  • Triage critical incidents and manage escalation through the incident lifecycle.
  • Establish response objectives and effectively communicate response strategy with the client.
  • Effectively respond to casework related to computer security vulnerabilities, phishing, malware, breaches, insider threat, credential abuse, and more.
  • Anticipate and respond to changing priorities, and operate effectively in a dynamic, demand-based environment that requires extreme flexibility and responsiveness.
  • Preserve, harvest, and process electronic data according to company policies, forensic best practices, and regulatory requirements.
  • Participate in forensic investigations as required, including the collection and preservation of electronic evidence, analysis, and reporting.
  • Produce high-quality oral and written work, presenting complex technical matters clearly and concisely to audiences ranging from peers to senior management.
  • Develop and maintain IR team standard operating procedures.
  • Be familiar with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
  • Recognize and recommend effective process changes as needed to enhance client defense and response procedures.
  • Provide training to clients on all aspects of critical incident planning and response, as needed.


  • Bachelor’s degree in Computer Science or directly related IT field. 
  • 4+ years of professional IT Security Incident Response experience.
  • Experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols.
  • Experience conducting forensic media acquisition and analysis.
  • Experience in log file analysis.
  • Strong verbal and written communication skills.
  • Must be resourceful, creative, innovative, results driven, and adaptable.
  • Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly.
  • Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies.
  • Experience with host-centric tools for forensic collection and analysis (RegRipper, ProDiscover, SIFT, EnCase, The Sleuth Kit, etc.).
  • Strong IT infrastructure background, including familiarity with Snort, Wireshark, and Nmap.
  • Experience with host-based detection and prevention suites (McAfee ePO, OSSEC, YARA, MIR, Carbon Black, Tanium, etc.).
  • Detailed understanding of APT, cyber crime, and other associated tactics.
  • Some experience with malware analysis (dynamic and static).
  • One or more applicable certifications, including CFCE, GCFE, OSCP, GCIA, CFE, CISSP, or similar.

No attachments will be accepted. Please email content of resume, references, work samples and preferred location (if applicable) by clicking on the apply button.

root9B is an equal opportunities employer and welcomes applications from all sections of society. It does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity.


Founded in 2011, root9B is a dynamic provider of cyber security and advanced technology training capabilities, operational support and consulting services. root9B’s personnel are internationally recognized and trusted providers of advanced cyber solutions, satisfying requirements for missions and enterprises globally. We are dedicated to the delivery of solutions and services based on technical innovation and professional excellence. 

root9B’s workforce consists of US military and Law Enforcement veterans with extensive experience providing advanced technology solutions. root9B offers world class cyber training capabilities, consulting services, and test range operations. root9B personnel understand the full spectrum of kinetic and non-kinetic effects and their impact to offensive and defensive cyber operations. We develop tactics, techniques, and procedures to advance operations through the use of cyberspace.

Services: Vulnerability Assessments, Computer Network Operations, Computer & Mobile Forensics, Mobile Cyber Protection, Cyber Exercise, Curriculum & Tool Development, SCADA Security Operations, Malware Analysis & Reverse Engineering, Data Breach Prevention & Remediation.
Company Industry: Information Technology and Services
Company Type: Public Company
Company Size: 11 - 50