Reuben Cooley, Inc.
Cybersecurity Incident Response Analyst
Reuben Cooley, Inc., Pontiac, Michigan, United States, 48340
Position Overview:
We are seeking a skilled Cybersecurity Incident Response Analyst to join our security operations team. The analyst will play a key role in detecting, analyzing, and mitigating cybersecurity threats and incidents, ensuring the confidentiality, integrity, and availability of enterprise systems and data. This role requires both offensive (red team) and defensive (blue team) expertise to proactively identify vulnerabilities and effectively respond to threats.

Key Responsibilities:
Monitor, detect, and respond to security incidents using SIEM, IDS/IPS, and incident response platforms.
Investigate and analyze suspicious activity across endpoints, networks, and applications.
Manage and administer Endpoint Privilege Management (EPM) and Privileged Access Management (PAM) tools to safeguard sensitive accounts and systems.
Perform threat hunting, malware analysis, and forensic investigations to determine root cause and impact.
Collaborate with IT, cloud, and security teams to contain and remediate threats.
Conduct post-incident reviews and recommend improvements to enhance incident response processes.
Develop and maintain incident response playbooks, runbooks, and documentation.
Utilize scripting (Python, PowerShell) to automate repetitive response and analysis tasks.
Participate in red team exercises to simulate real-world attacks and improve detection/response capabilities.
Support compliance with organizational and regulatory security standards.

Required Skills & Qualifications:
4-6 years of cybersecurity experience, with at least 3 years in incident response, SOC, or security operations.
Hands-on experience with SIEM platforms (Splunk, QRadar, Sentinel, ArcSight).
Strong knowledge of IDS/IPS systems, log analysis, and forensic tools.
Experience with PAM/EPM tools such as CyberArk, BeyondTrust, or Endpoint Privilege Manager.
Proficiency in Python, PowerShell, or other scripting languages for automation.
Familiarity with attack tactics (red team) and defensive security measures (blue team).
Understanding of cybersecurity frameworks (NIST, MITRE ATT&CK, ISO 27001, etc.).
Strong problem-solving, analytical thinking, and communication skills.

Preferred Qualifications:
Relevant certifications: GCIA, GCIH, CEH, OSCP, CISSP, or Security+.
Experience with forensic analysis and advanced threat detection.
Prior work in government, finance, or large enterprise environments.