Center for Internet Security, Inc.

Cyber Incident Response Analyst - Remote

Job Locations US
Cybersecurity Operations
Regular Full-Time


CIS (Center for Internet Security) is the trusted guide to confidence in the connected world. CIS collaborates with the global security community to lead both government and private-sector entities to security solutions and resources. CIS is an independent, not-for-profit organization.


The primary purpose of this position is to work as a member of the Multi-State Information Sharing and Analysis Center (MS-ISAC)/Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) Cyber Incident Response Team (CIRT) to help respond to cyber incidents impacting State, Local, Tribal, and Territorial governments.

What You'll Do

  • Provide Incident Response, Computer Forensics, and Malware Analysis services to State, Local, Tribal, and Territorial (SLTT) governments, as well as internal teams at CIS
  • Perform forensic analysis on compromised systems to identify the extent and nature of the compromise and provide recommendations on remediation steps
  • Conduct incident response calls with SLTT governments
  • Prepare written technical reports to document the findings that result from both forensic analysis and incident response cases
  • Provide support and/or research for any security-related questions or incidents reported from MS-ISAC/EI-ISAC members
  • Assist with the analysis of previously undisclosed software and hardware vulnerabilities
  • Perform tasks independently with some oversight
  • Other tasks and responsibilities as assigned

What You'll Need

  • Bachelor’s degree in Digital Forensics, Cybersecurity, Computer Science, or a related field*
  • 1+ years’ experience in Incident Response, Forensics, and/or Malware Analysis
  • Knowledge of incident response protocols, processes, and techniques
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge of adversarial tactics, techniques, and procedures
  • Knowledge of various host and network-based security controls
  • Familiarity with various operating systems, such as Windows, Linux, and macOS
  • The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**
  • Must be eligible to obtain a National Security Clearance
  • Must be authorized to work in the United States

It's a Plus if You Have:

  • 1+ years' experience as a Security/Network Administrator or equivalent knowledge
  • Experience with scripting languages such as Bash, Perl, or Python
  • Experience delivering technical presentations and reports
  • Familiarity with various log types (e.g., Windows Event, web server, and firewall logs)
  • Working knowledge of forensic methodologies and related tools such as FTK, EnCase, and SANS SIFT
  • Certifications in related areas (e.g., GCFE, GCFA, GNFA, GCIH, GREM, CCFE, CFCE)

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.


**Factors that may cause a negative Fitness Review decision include:

  • Criminal Conduct
  • Dishonest Conduct
  • Employment Misconduct
  • Alcohol Abuse
  • Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction). Additionally, illegal drug use includes the use of drugs that are illegal for federal purposes despite being legal in select states and countries, such as marijuana.
  • False Statements
  • Financial Issues
  • Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.

