Apply on Employer Site

Booz Allen Hamilton · 1 day ago

Incident Response Analyst, Mid

Bethesda, MD

Full-time

Hybrid

Entry, Mid Level

$62K/yr - $141K/yr

2+ years exp

Booz Allen Hamilton is seeking an Incident Response Analyst to join their Security Operations Center and Incident Response team. The role involves monitoring, detecting, investigating, and responding to cybersecurity threats while collaborating with federal stakeholders and producing high-quality reports.

ConsultingCyber SecurityIT InfrastructureManagement ConsultingSecurity

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Serve as a key member of a 24x7x365 Security Operations Center and Incident Response team, responsible for continuous monitoring, detection, investigation, and response to cybersecurity threats across enterprise networks, endpoints, applications, and security platforms

Perform incident response activities, such as alert and incident triage, log and artifact analysis, threat identification, containment support, and incident documentation while leveraging SIEM, EDR, IDS/IPS, SOAR, and forensic tools to validate and escalate security events

Contribute to the development of incident response playbooks and standard operating procedures, conduct proactive threat hunting using behavioral analytics and threat intelligence, and support continuous monitoring and assessment efforts to identify risks and strengthen detection capabilities

Collaborate closely with federal stakeholders, communicate findings to technical and non‑technical audiences, and produce high‑quality reports and briefings, all while helping to advance the maturity and effectiveness of the organization’s security operations

Qualification

Incident responseSIEMThreat huntingCybersecurity principlesCISSP certificationCommunication skillsTechnical documentation

Required

2+ years of experience in a Security Operations Center (SOC) performing incident response activities, including event triage, log and artifact analysis, threat identification, incident documentation, and coordination of response actions

Experience analyzing and responding to security events across enterprise networks, endpoints, applications, and security platforms, such as SIEM, EDR, IDS/IPS, firewalls, and vulnerability management tools

Experience developing or contributing to incident response playbooks, workflows, or standard operating procedures

Experience with continuous monitoring and security assessment practices, including control evaluation and risk identification

Experience with security tools and investigative techniques used by SOC and incident response teams, such as packet analysis, log correlation, malware triage, and forensic imaging

Ability to communicate clearly with both technical and non-technical audiences

Ability to produce high‑quality incident reports, briefings, and technical documentation

Public Trust

Bachelor's degree

Preferred

Experience with enterprise security technologies, including SOAR platforms, and digital forensics solutions

Experience conducting threat hunting activities, leveraging behavioral analytics, threat intelligence, and anomaly detection to identify emerging threats

Knowledge of cybersecurity principles, including network security, endpoint security, identity and access management, and secure configuration baselines

Knowledge of modern application and infrastructure security concepts, such as container security, API security, and workload protection

Ability to build strong client relationships, collaborate across teams, and communicate complex technical concepts in a clear manner

CISSP, CySA+, GCIH, GSEC, CISSP certifications