[Remote] Incident Response Analyst (Remote)

Note: The job is a remote job and is open to candidates in USA. CrowdStrike is a global leader in cybersecurity dedicated to stopping breaches with their advanced AI-native platform. They are seeking a motivated Incident Responder to support the incident-response lifecycle and conduct in-depth investigations to identify and respond to security threats across the organization.

Responsibilities

• Take ownership of security incidents detected by CSIRT, identify and recommend improvements to enhance workflows, tools, and response effectiveness
• Participate in escalated incidents by gathering and analyzing evidence from logs, endpoint telemetry, and threat-intel sources; perform and adapt investigative or containment actions from playbooks—such as host isolation, phishing email removal —and confirm remediation
• Conduct in-depth research on incident response related topics that support team operations and improve investigative capabilities
• Maintain clear documentation of investigative steps, evidence, decisions, and project progress to support transparency and knowledge sharing
• Identify gaps in detection coverage, workflows, or tooling, and collaborate on new detection logic, playbook refinements, and automation opportunities
• Contribute to the creation and maintenance of runbooks, knowledge articles, and other deliverables that strengthen CSIRT’s incident response capabilities

Skills

• Demonstrated experience performing incident response from escalation through resolution, leveraging multiple data sources and coordinating with cross-functional teams
• Proficiency with EDR platforms (e.g., Falcon), SIEM/SOAR technologies, and network forensics tools (e.g., Zeek, Suricata, Wireshark) to support deep investigations
• Advanced investigative skills, including host- and network-level log analysis, endpoint telemetry review, and use of threat intelligence to determine scope and impact
• Strong knowledge of Windows, macOS, and Linux internals, as well as digital forensics techniques for memory, disk, and network artifact analysis
• Proven ability to conduct in-depth research on topics that support team operations and improve investigative capabilities, and to translate findings into actionable outcomes
• Solid understanding of network protocols (HTTP/S, DNS, SMTP, SMB, Kerberos) and the ability to analyze packet captures
• Strong written and verbal communication skills, with the ability to present investigative findings and recommendations to both technical and non-technical stakeholders
• Experience conducting cloud-focused incident response in AWS, Azure, or GCP environments
• Ability to design and deliver scenario-based training to enhance investigative skills and operational readiness
• A bachelor's or master's degree in Computer Science, Cybersecurity, Digital Forensics, or a related field is welcome — but not required. Candidates who can demonstrate equivalent, hands-on experience in incident response, threat research, or digital forensics will receive full consideration
• Applicable security certifications (e.g., GCFA, GREM, GNFA, GCTI)
• Advanced scripting or development experience (Python, PowerShell, Bash, or Perl) to create custom investigative tooling, automate complex data analysis, or integrate new data sources into investigative workflows
• Expertise as a SIEM power user, capable of executing advanced, investigation-driven searches, building specialized dashboards, and developing or refining high-fidelity detections
• Proven track record of publishing threat research, presenting at security conferences, or contributing to industry-wide knowledge sharing

Benefits

• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays for recharge
• Paid parental and adoption leaves
• Professional development opportunities for all employees regardless of level or role
• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
• Vibrant office culture with world class amenities
• Great Place to Work Certified™ across the globe
• Health insurance
• 401k
• Paid time off

Company Overview

• CrowdStrike is a cybersecurity technology firm that provides cloud-delivered protection for cloud workloads, identity, and data. It was founded in 2011, and is headquartered in Sunnyvale, California, USA, with a workforce of 5001-10000 employees. Its website is http://www.crowdstrike.com.

Company H1B Sponsorship

• CrowdStrike has a track record of offering H1B sponsorships, with 116 in 2025, 62 in 2024, 91 in 2023, 60 in 2022, 49 in 2021, 22 in 2020. Please note that this does not guarantee sponsorship for this specific role.

Apply tot his job Apply To this Job