Incident Response Analyst (Remote) jobs in United States
cer-icon
Apply on Employer Site
company-logo

CrowdStrike · 23 hours ago

Incident Response Analyst (Remote)

positionUnited States
timeFull-time
remoteRemote
seniorityMid Level
money$85K/yr - $120K/yr

CrowdStrike is a global leader in cybersecurity, dedicated to stopping breaches and protecting modern organizations. They are seeking a highly motivated Incident Responder to support the incident-response lifecycle, drive continuous process improvement, and conduct in-depth technical investigations to respond to security threats.

Artificial Intelligence (AI)Cloud Data ServicesCloud SecurityCyber SecurityNetwork Security
check
Growth OpportunitiesbadNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Take ownership of security incidents detected by CSIRT, identify and recommend improvements to enhance workflows, tools, and response effectiveness
Participate in escalated incidents by gathering and analyzing evidence from logs, endpoint telemetry, and threat-intel sources; perform and adapt investigative or containment actions from playbooks—such as host isolation, phishing email removal —and confirm remediation
Conduct in-depth research on incident response related topics that support team operations and improve investigative capabilities
Maintain clear documentation of investigative steps, evidence, decisions, and project progress to support transparency and knowledge sharing
Identify gaps in detection coverage, workflows, or tooling, and collaborate on new detection logic, playbook refinements, and automation opportunities
Contribute to the creation and maintenance of runbooks, knowledge articles, and other deliverables that strengthen CSIRT’s incident response capabilities

Qualification

Incident response experienceEDR platforms proficiencyNetwork forensics toolsAdvanced investigative skillsWindowsMacOSLinux knowledgeNetwork protocols understandingCloud incident responseScripting experienceResearch capabilitiesTraining deliveryCommunication skillsTeam collaborationDocumentation skillsProblem-solving

Required

Demonstrated experience performing incident response from escalation through resolution, leveraging multiple data sources and coordinating with cross-functional teams
Proficiency with EDR platforms (e.g., Falcon), SIEM/SOAR technologies, and network forensics tools (e.g., Zeek, Suricata, Wireshark) to support deep investigations
Advanced investigative skills, including host- and network-level log analysis, endpoint telemetry review, and use of threat intelligence to determine scope and impact
Strong knowledge of Windows, macOS, and Linux internals, as well as digital forensics techniques for memory, disk, and network artifact analysis
Proven ability to conduct in-depth research on topics that support team operations and improve investigative capabilities, and to translate findings into actionable outcomes
Solid understanding of network protocols (HTTP/S, DNS, SMTP, SMB, Kerberos) and the ability to analyze packet captures
Strong written and verbal communication skills, with the ability to present investigative findings and recommendations to both technical and non-technical stakeholders
Experience conducting cloud-focused incident response in AWS, Azure, or GCP environments
Ability to design and deliver scenario-based training to enhance investigative skills and operational readiness
A bachelor's or master's degree in Computer Science, Cybersecurity, Digital Forensics, or a related field is welcome — but not required. Candidates who can demonstrate equivalent, hands-on experience in incident response, threat research, or digital forensics will receive full consideration
Applicable security certifications (e.g., GCFA, GREM, GNFA, GCTI)

Preferred

Advanced scripting or development experience (Python, PowerShell, Bash, or Perl) to create custom investigative tooling, automate complex data analysis, or integrate new data sources into investigative workflows
Expertise as a SIEM power user, capable of executing advanced, investigation-driven searches, building specialized dashboards, and developing or refining high-fidelity detections
Proven track record of publishing threat research, presenting at security conferences, or contributing to industry-wide knowledge sharing

Benefits

Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe
Health insurance
401k
Paid time off

Company

CrowdStrike

twittertwittertwitter
Glassdoor4.2
company-logo
CrowdStrike is a cybersecurity technology firm that provides cloud-delivered protection for cloud workloads, identity, and data.
dateFounded in 2011
location
Sunnyvale, California, USA
people-size5001-10000 employees
web-link
http://www.crowdstrike.com

Funding

Current Stage
Public Company
Total Funding
$1.24B
Key Investors
ARK Investment ManagementAccelCapitalG
2022-12-01Post Ipo Equity· $4.6M
2021-01-12Post Ipo Debt· $750M
2019-06-12IPO

Leadership Team

leader-logo
George Kurtz
President / CEO & Founder
linkedin
leader-logo
Zeki Turedi
Field CTO Europe
linkedin

Recent News

WebProNews
CrowdStrike’s Sovereign Cloud Push Unlocks Middle East and India Growth
2026-01-23
The Motley Fool
Wall Street's Wild Week
2026-01-22
Business Wire
CrowdStrike Achieves ISO 42001 Certification for Responsible AI-Powered Cybersecurity
2026-01-22
Company data provided by crunchbase