
Air InfoSec, LLC

Cyber Incident Response Analyst

Posted 3 Days Ago
In-Office
Austin, TX, USA
Senior level

The Cyber Incident Response Analyst will support the Texas Cyber Command on the Cyber Incident Response project. This role is responsible for performing advanced incident response and forensic analysis across Windows and Linux environments. The candidate will serve as Incident Commander during cybersecurity events, coordinating response efforts and communicating with leadership and affected agencies. This position requires correlating host, network, and intelligence data to build complete incident timelines and produce executive-level reporting. The analyst will support multi-agency response operations, including coordination with State, Local, Tribal, and Territorial (SLTT) partners and critical infrastructure entities.

Responsibilities:

  • Perform advanced incident response across Windows and Linux environments, including triage, containment, eradication, and recovery.
  • Conduct host-based forensics, including log analysis, memory capture, file system review, and malware behavior analysis.
  • Serve as Incident Commander during cybersecurity events, coordinating actions, documenting decisions, and communicating with leadership and affected agencies.
  • Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings to MITRE ATT&CK.
  • Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring tools.
  • Produce incident reports, timelines, and executive summaries for statewide stakeholders.
  • Support multi-agency response operations, including SLTT partners and critical infrastructure entities.
  • Provide recommendations for detection improvements, hardening, and long-term mitigation.
  • Participate in post-incident reviews, lessons learned, and playbook updates.
  • Maintain readiness for 24x7 response through on-call rotation or surge support.

Requirements:

Minimum Qualifications:

  • 5 years of experience in advanced host-based forensics across Windows and Linux, including memory, disk, and malware analysis, using telemetry from NetWitness, Gravwell, Google SecOps, and Corelight to validate findings and reconstruct attacker activity.
  • 5 years of experience correlating host, network, and intelligence data from CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and NetWitness to build complete incident timelines.
  • 5 years of experience producing high-quality incident reports and executive summaries using evidence collected from Gravwell, NetWitness, Corelight, and case management workflows.
  • 4 years of experience with adversary TTPs, intrusion kill chains, and threat hunting methodologies using packet-level and log-level data from sources including Corelight, NetWitness, and CRIBL pipelines.
  • 3 years of Incident Commander experience.
  • 1 year of experience supporting SLTT or critical infrastructure environments, including multi-tenant incident response operations and cross-agency coordination.

Preferred Qualifications:

  • 5 years of experience with threat intelligence platforms, including Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant, to enrich investigations, validate indicators, and map activity to MITRE ATT&CK.
  • 5 years of hands-on experience using Cyware CSAP for incident orchestration, automated enrichment, case creation, and workflow execution across SIEM, IPS, EDR, and ticketing systems.
  • 4 years of experience with security certifications such as CISSP, CIH, or Security+.

Additional Requirements:

  • Candidate must be a U.S. citizen.
  • Candidate must pass required background checks.
  • Occasional after-hours support may be required with TXCC approval.
  • Work must be performed from within the United States.
Work Location and Schedule:

Location: TXCC San Antonio office, 506 Dolorosa Street, San Antonio, TX 78204, or TXCC Austin office, 1001 North Loop, Austin, TX 78756.

Schedule: Monday through Friday, 8:00 AM to 5:00 PM, excluding State holidays. Candidate may be required to work outside normal business hours on weekends, evenings, and holidays as requested.

Work Arrangement: Hybrid - On Site and Telework.
