Incident Response Analyst [JOB ID 20230918

Phoenix Cyber
 Rockville, MD

Phoenix Cyber is looking for a Incident Response Analyst to join our client delivery team. This position is onsite at the client location in Rockville, MD.

  • Collaborate with the different teams to better understand the customer environment
  • Create, maintain and periodically evaluate standard operating procedures, playbooks, and hunt techniques
  • Utilize Threat Intelligence and Threat Models to formulate cyber threat hunt hypotheses and plans
  • Perform research and analysis of incidents, threats, vulnerabilities, TTPs and other malicious/non-malicious indicators and on technical and intel reports of cyber threat activities of interest.
  • Perform proactive and iterative searches on customer systems and network to detect advanced threats
  • Identify any anomalous/malicious behavior using cyber threat hunt plans and techniques and identify any defensive gaps in the customer environment
  • Create comprehensive cyber threat hunt reports which include sourced threat intelligence, threat hunt findings, limitations, risk analysis and presenting recommendations with prioritized mitigations.
  • Review operational detection mechanisms to assess security posture, recommend/develop new or custom security content to include signatures, alerts, workflows and automation to counter prospective threats and enable future hunts
  • Coordinate response, triage and escalation of any malicious events found with IR team

Minimum Proficiencies:

  • Expertise in network and host-based analysis and investigations
  • Experience in planning threat hunts
  • Understanding of complex Enterprise networks (routing, switching, firewalls, proxies, etc.)
  • Knowledge of common networking protocols (http, dns, smb, etc.)
  • Familiarization of Windows, Linux and MacOS operating systems
  • Proficient with scripting languages such as Python or PowerShell
  • *Familiarity with Splunk, Crowdstrike, Tanium


  • Bachelor’s Degree (Bachelor’s Degree may be substituted with additional 4+ years of experience as approved by Government)
  • 3+ years of experience with data hunting/manipulation/presentation.
  • Skill in generating queries and reports.
  • Ability to interpret and incorporate data from multiple tool sources.
  • Skill in conducting queries and developing algorithms to analyze data structures.
  • Experience with complex malware analysis
  • Skill in identifying common encoding techniques (e.g., Exclusive Disjunction [XOR], American Standard Code for Information Interchange [ASCII], Unicode, Base64, Uuencode, Uniform Resource Locator [URL] encode).
  • Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc.
  • Any 1 of: CISSP (associate), CCSP, SSCP, AND any from the CSSP Analyst, Infrastructure Support, or IR from the DOD 8570 list (or other similar certifications as approved by Government)
  • Able to pass a Government background investigation

Phoenix Cyber is a national provider of cybersecurity engineering services, operations services, sustainment services and managed security services to organizations determined to strengthen their security posture and enhance the processes and technology used by their security operations team.

Phoenix Cyber is an equal opportunity employer and complies with Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran's Readjustment Assistance Act (VEVRAA), all amendments to these regulations, and applicable executive orders, federal, and state regulations. Applicants are considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, and/or veteran status.

Phoenix Cyber participates in E-Verify to confirm the employment eligibility of all newly-hired employees. To learn more about E-Verify, including your rights and responsibilities, go to

Our clients may require a COVID-19 vaccination to be on contract. Vaccination and any required clearance and/or certifications need to be maintained for employment at Phoenix Cyber.