
Cybersecurity Incident Handler

Location: United States, San Antonio · Salary: 69400.00 - 158000.00 USD / Year · Job Posted January 04, 2026

Job Description

As a security operations center analyst, you’re in the middle of the action, responding to and mitigating threats in real time. You’re the first line of cyber defense for your organization, and they look to you for guidance on best practices and security measures. We need a SOC analyst like you to help us secure critical infrastructure from the constant onslaught of cyber-attacks.

Job Responsibility

  • Monitor and analyze threats using state-of-the-art tools
  • Work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact
  • Analyze incidents to figure out just how many systems are affected and assist recovery efforts
  • Combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers’ goals to stop them from succeeding

Requirements

  • Experience in cybersecurity
  • Experience in a security operations center, including incident response activities such as analysis of artifacts, writing incident reports, and triaging of security events
  • Knowledge of cyber threat intelligence, digital forensics, red teaming, threat hunt, cloud incident response, counterintelligence, and detection engineering
  • Knowledge of cybersecurity standards and the implementation of industry best practices
  • Knowledge of external standards, including ISO 22301, ISO 22317, and NIST guidelines such as NIST 800-53 or NIST 800-61
  • Ability to work a rotating shift schedule supporting a 24/7 environment
  • TS/SCI clearance
  • HS diploma or GED
  • DoD 8140 Baseline Level II Certification

Nice to have

  • Experience using Microsoft Office products
  • Experience with cyber technologies and capabilities, including continuous monitoring, incident response, advanced threat hunting, secure Cloud and mobile capabilities, ongoing assessment, and digital forensics
  • Experience with Cloud and DevSecOps
  • Experience with cloud native technologies across Cloud Service Providers such as AWS GuardDuty, Azure Defender for Cloud, AWS Macie, or Google Security Command Center
  • Experience with cybersecurity tools and solutions such as Microsoft Defender for Endpoint, Corelight, Suricata or Snort, Palo Alto and Cisco firewalls, Archer Case Management, ServiceNow, ThreatConnect, Splunk Enterprise Security, Splunk SOAR, Cofense, IronPort Mail Gateways, or the Microsoft G5 Defender suite
  • Experience supporting information assurance, networking, or systems administration

What we offer

  • Health, life, disability, financial, and retirement benefits
  • Paid leave
  • Professional development
  • Tuition assistance
  • Work-life programs
  • Dependent care
  • Recognition awards program


Similar Jobs for Cybersecurity Incident Handler (8 matching positions)

Cybersecurity Incident Handler

As a Cybersecurity Incident Handler, you’ll take the lead on investigating and m...
Location: United States, Morristown
Salary: 86000.00 - 109250.00 USD / Year
Company: Zelis
Expiration Date: Until further notice
Employment type: Full-time

Requirements
  • Bachelor’s in Computer Science, Engineering, Information Security, Information Technology, or 4+ years of equivalent experience
  • 3+ years of enterprise-level incident handling
  • Ability to partner with enterprise teams within a cybersecurity context
  • Effective oral and written communication skills with experience in cybersecurity technical process documentation
  • Demonstrated passion for cyber defense and information security
  • Proven record of thought leadership via innovation and non-traditional solutions
  • Fundamental understanding of IT security practices, programs, and tooling, with demonstrated examples of driving initiatives forward

Job Responsibility
  • Incident Analysis & Handling: Triage alerts, investigate suspicious activity, lead incident response steps, and coordinate containment and recovery efforts
  • Data Collection & Normalization: Make sure logs and security data are gathered correctly, cleaned up, and organized so the team can analyze them effectively
  • Digital Forensics: Examine systems, files, logs, and network data to understand what happened during security events
  • Mentoring & Training: Help newer analysts grow by sharing your experience, offering guidance, and running training sessions when needed
  • Technical / Process Guidance: Assist team members with technical questions, tool usage, investigation methods, and established response workflows
  • Shift Leadership: Act as the point person during your shift: manage workload, oversee investigations, ensure smooth handoffs, and support teammates. Participate in a rotating on-call schedule as required
  • Innovation: Look for opportunities to improve processes, recommend new tools or automations, and help refine how the team operates

What we offer
  • 401k plan with employer match
  • Flexible paid time off
  • Holidays
  • Parental leave
  • Life and disability insurance
  • Health benefits including medical, dental, vision, and prescription drug coverage

Senior Incident Handler - Security Incident Response Team

As an Expert Security Analyst – Incident Coordinator, you will take a leadership...
Location: Netherlands, Veldhoven
Salary: Not provided
Company: ASML
Expiration Date: Until further notice
Employment type: Full-time

Requirements
  • Bachelor’s or Master’s in Computer Science, Cybersecurity, or a related field
  • 7+ years of experience in advanced cybersecurity roles
  • Experience working with stakeholders in a complex organization
  • Proven record of influencing upper management towards security best practices
  • Expertise in security monitoring, log analysis, and threat hunting
  • Deep knowledge of endpoint, network, OT, information, and cloud security
  • Certifications: CISSP, GCIH, GCFA, CISM preferred

Job Responsibility
  • Security Monitoring: Monitor security alerts for malicious activity or anomalies, ensuring swift response
  • Incident Handling: Lead investigations into high-profile, complex, or advanced persistent threats (APTs)
  • Threat Hunting: Proactively search for hidden threats and improve detection capabilities
  • Incident Analysis: Correlate data across multiple sources to detect sophisticated attack patterns
  • Detection & Response Optimization: Develop advanced detection techniques and security automation strategies
  • Technology Leadership: Act as an SME for SecOps tools and threat domains
  • Mentorship & Training: Provide guidance and mentorship to analysts at all levels

Incident Handler II

Location: United States
Salary: Not provided
Company: Rapid7
Expiration Date: Until further notice
Employment type: Full-time

Requirements
  • A customer-first mindset
  • Strong written and verbal communication skills
  • A passion for continuous learning and growth in the cybersecurity field
  • Accountability for your work and investigations
  • 3-4 years of experience in a cybersecurity-related role, with SOC and/or SIEM analysis experience preferred
  • Proficiency with analyzing forensic artifacts to determine root cause across Windows environments
  • Understanding of core operating system concepts across Windows, macOS/Darwin, and Linux
  • A solid grasp of how threat actors operate
  • Experience with static and/or dynamic malware analysis
  • Familiarity with the MITRE ATT&CK Framework and its application to investigation reporting and threat analysis

Job Responsibility
  • Conduct end-to-end investigations into malicious activity on workstations, servers, and cloud environments, including scoping, timeline analysis, root-cause identification, and documentation in support of Rapid7’s Incident Response team
  • Own complex investigations that require delegation, cross-team collaboration, and direct customer communication, serving as the escalation point for advanced and high-severity incidents
  • Partner with Cybersecurity Advisors to communicate investigation findings, respond to client Requests for Information, and deliver clear remediation and mitigation recommendations
  • Prepare detailed Incident Reports mapped to MITRE ATT&CK, incorporating forensic, malware, and root-cause analysis for every investigation you complete
  • Share threat intelligence with peers and contribute new detection opportunities to Rapid7’s Threat Intelligence and Detection Engineering teams to continuously strengthen our collective defenses
  • Participate in customer engagement opportunities and team projects that drive positive outcomes for the MDR service and the customers we protect
  • Triage alerts using Rapid7’s InsightIDR SIEM, identify potential compromises, and escalate findings to customers as needed

Incident Handler II, Detection & Response Services

We are looking for people with a passion for investigation and forensic analysis...
Location: United States, VA
Salary: Not provided
Company: Rapid7
Expiration Date: Until further notice
Employment type: Full-time

Requirements
  • 3-4 years of experience in a cybersecurity-related position (SOC and/or SIEM analysis experience preferred)
  • Dedication to putting each customer's needs and concerns at the forefront of all decision making
  • Understanding of core operating system concepts in Windows, macOS/Darwin, and Linux, including at least an understanding of common internal system tools and directory structures
  • Proficiency with analyzing forensic artifacts to determine root cause in an investigation; Windows largely preferred, but bonus points for experience with Linux, AWS, Azure, and GCP
  • A fundamental understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration
  • Effective verbal communication skills that foster collaboration between the MDR SOC and the Incident Response team
  • Strong written communication skills
  • Some experience with static and dynamic malware analysis
  • Passion for continuous learning and growth in the cybersecurity world

Job Responsibility
  • Conduct investigations into a variety of malicious activity on workstations, servers, and in the cloud
  • Investigate all levels of incidents, including Incident Response engagements in which you will provide analysis assistance to Rapid7's Incident Responders, including scoping, timeline analysis, finding the IAV, and helping update documents as needed
  • Own complex investigations that may need various levels of delegation, customer communication, documentation, and collaboration across teams
  • Be an escalation point for complex and advanced incidents
  • Communicate with Cybersecurity Advisors regarding investigation findings, Requests For Information from clients, and remediation and mitigation recommendations
  • Directly communicate with customers regarding investigation findings or to assist in driving an investigation forward as needed
  • Prepare Incident Reports for each minor incident investigation you complete, which follow MITRE's ATT&CK Framework and include your own forensic, malware, and root-cause analysis
  • Communicate with other analysts to share new intelligence regarding tactics, techniques, and trends utilized by threat actors
  • Provide continuous input to Rapid7's Threat Intelligence and Detection Engineering team regarding new detection opportunities
  • Assist in customer engagement opportunities pertaining to the function of your role in the MDR service as necessary

Cyber Security Engineer

Provide hands‑on cyber expertise across compliance, vulnerability management, in...
Location: United States, Washington, DC
Salary: Not provided
Company: Robert Half
Expiration Date: Until further notice

Requirements
  • Bachelor’s degree + 12 years of related experience
  • Master’s degree + 10 years of related experience
  • Ph.D. + 7 years of related experience
  • 15 years of related experience with no degree
  • Experience in cybersecurity assessments, incident response, and threat/risk/vulnerability analysis
  • Supporting complex networks/systems (including differing classification levels)
  • Applying the Risk Management Framework (RMF)
  • Strong written and verbal communication skills, with the ability to brief technical and non‑technical stakeholders
  • At least one active security certification, such as: Security+ CE, CySA+, CCNA Security, SSCP, CISSP (or Associate)

Job Responsibility
  • Conduct and review technical cybersecurity assessments
  • Identify vulnerabilities and non‑compliance with cybersecurity standards, and recommend mitigations
  • Perform research, design evaluation, technical development, and system integration planning
  • Perform and maintain vulnerability scans, and produce clear reports and metrics
  • Track and report IAVM (Information Assurance Vulnerability Management) compliance
  • Maintain a curated library of security audit tools and procedures for testing, internal audits, incident response, and diagnosis
  • Maintain Authorization to Operate (ATO) records and supporting artifacts
  • Manage and report POA&M (Plan of Action & Milestones) compliance

What we offer
  • Medical
  • Vision
  • Dental
  • Life and disability insurance
  • Eligibility to enroll in our company 401(k) plan

Mid-Level Cyber Security Engineer

We are seeking a Mid-Level Cyber Security Engineer to provide expert cyber domai...
Location: United States, Washington, DC
Salary: Not provided
Company: Robert Half
Expiration Date: Until further notice

Requirements
  • Candidates must meet ONE of the following education/experience combinations: Bachelor’s degree + 12+ years of related experience; Master’s degree + 10+ years of related experience; Ph.D. degree + 7+ years of related experience; or 15+ years of related experience without a degree
  • Technical Requirements: Experience conducting site surveys for IT equipment (racks, desktop PC environments)
  • Experience installing IT hardware in 24/7 operational environments
  • Strong understanding of cybersecurity assessments, incident response, risk and vulnerability assessment, and cyber threat analysis

Job Responsibility
  • Cyber Security Engineering & Analysis: Conduct and review complex cybersecurity assessments
  • Identify system vulnerabilities and areas of non‑compliance with cybersecurity standards
  • Recommend mitigation strategies and risk‑reduction approaches
  • Perform research, evaluation, and development in advanced cybersecurity areas
  • Security Operations & Monitoring: Perform and maintain vulnerability scans, generating clear reports for leadership
  • Track and report Information Assurance Vulnerability Management (IAVM) compliance
  • Support incident response teams with domain-specific expertise
  • Maintain a library of security audit tools and related testing processes
  • Risk Management & Compliance: Review and update Authorization to Operate (ATO) documentation
  • Manage and report Plan of Action & Milestones (POA&M) compliance

What we offer
  • Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance
  • Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan

Information Security Incident Response Analyst

The Information Security Incident Response Analyst supports clients during secur...
Location: United Kingdom, London
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Employment type: Full-time

Requirements
  • Proven experience in incident response and digital forensics, with capability in host‑based, image, and log analysis
  • Experience using SIEM, EDR, IDS/IPS, and other security tools to triage, investigate, and respond to incidents
  • Ability to perform network analysis using tools such as Wireshark and tcpdump
  • Experience in cybersecurity operations, consulting, DFIR services, or related technical security roles
  • Bachelor’s degree or equivalent experience in Information Technology, Computer Science, Cybersecurity, or a related discipline (preferred)
  • Relevant cybersecurity certifications such as SANS GIAC Security Essentials (GSEC) or equivalent preferred
  • SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred
  • SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred
  • Additional DFIR‑related certifications are considered a plus
  • Active UK Security Clearance is required

Job Responsibility
  • Investigates security incidents by performing host, disk, memory, network, and cloud forensic analysis under established processes and guidance
  • Analyzes artifacts across Windows, Linux, and macOS systems, helping reconstruct timelines and determine root cause
  • Supports clients through containment and recovery efforts by providing technical recommendations and clear communication
  • Participates in the team’s on‑call rotation for urgent incident response needs
  • Completes internal and client tasks such as tabletop exercises, IR readiness assessments, basic forensic reviews, and environment hardening support
  • Identifies observable gaps and risks within client environments and recommends improvements to strengthen security posture
  • Produces accurate documentation, including investigation notes, status updates, and final reports
  • Collaborates with global DFIR and other teams and stays current on threats, attacker techniques, and emerging forensic tools

Senior Digital Forensics Incident Response Analyst

The Senior Information Security Incident Response Analyst leads complex incident...
Location: South Africa, Johannesburg
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Employment type: Full-time

Requirements
  • Bachelor’s degree or equivalent in Information Technology, Computer Science, Cybersecurity, or a related discipline (preferred)
  • Relevant GIAC or equivalent certifications such as: GSEC (Security Essentials), GCIA (Certified Intrusion Analyst), GCIH (Certified Incident Handler)
  • Significant hands‑on experience in digital forensics and incident response across host, disk, memory, network, cloud, and mobile environments
  • Advanced experience using SIEM, EDR, IDS/IPS, packet analysis utilities, and forensic toolsets in active investigations
  • Advanced ability to analyze network traffic using tools such as Wireshark or tcpdump to distinguish normal and malicious behavior
  • Experience working in cybersecurity consulting, DFIR services, or equivalent technical security roles
  • Minimum of 5 years of experience in the technology information security industry

Job Responsibility
  • Investigates security incidents for clients by performing host, disk, memory, network, cloud, and mobile forensics
  • Conducts detailed artifact analysis across Windows, Linux, and macOS systems and reconstructs event timelines using disk images, memory captures, network data, and cloud logs
  • Guides clients through containment, eradication, and recovery activities, providing clear technical recommendations and communications
  • Acts as a senior escalation point for complex incidents and supports the development and mentoring of junior analysts
  • Participates in an on‑call rotation to support urgent, time‑sensitive incident response needs
  • Completes internal and client project work such as tabletop exercises, IR readiness engagements, environment hardening reviews, and forensic assessments
  • Identifies gaps and weaknesses in client environments and provides recommendations to reduce risk and strengthen posture
  • Produces accurate, concise documentation, including investigation notes, status communications, and final reports
  • Collaborates with global DFIR and cyber defense teams and maintains awareness of current threats, tactics, and forensic methodologies