RSM US LLP

Cyber Incident Response Analyst, Senior

Posted 6 Days Ago
Remote
Hiring Remotely in USA
111K-190K Annually
Senior level
Lead cyber incident investigations, develop prevention strategies, mentor junior analysts, and improve incident response processes while collaborating with IT and legal departments.
The summary above was generated by AI

We are the leading provider of professional services to the middle market globally. Our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you, and that’s why there’s nowhere like RSM.

Cyber Incident Response Senior Analyst

The Cyber Incident Response Senior Analyst will take the lead in responding to cyber incidents, conducting in-depth investigations, and implementing measures to prevent future occurrences. This role demands a comprehensive understanding of cybersecurity threats, strong technical expertise, exceptional problem-solving abilities, and the capacity to perform well under pressure. The ideal candidate will possess strong analytical skills, excellent communication abilities, and a passion for automation and orchestration. In addition, you will mentor junior team members, help develop incident response processes and documentation, and drive continuous improvement in incident response practices. The role may require on-call rotation and after-hours support during critical incidents.

ESSENTIAL DUTIES:

  • Incident Response & Investigation: Lead investigations into security incidents, analyzing evidence to identify the source, impact, and scope of threats. Develop and execute strategies for containment, eradication, and recovery. Prioritize incidents based on their potential impact and assist with decision-making during critical situations. Produce detailed post-incident reports, including recommendations for prevention and lessons learned.
     
  • Threat Intelligence & Analysis: Monitor and analyze real-time threat intelligence feeds, identifying patterns and proactively detecting emerging threats and vulnerabilities. Use threat intelligence to enhance detection capabilities and strengthen defensive measures.
     
  • Cross-Department Collaboration: Work closely with IT, legal, and other departments to address cybersecurity concerns. Provide technical guidance and support during incident recovery and prevention. Collaborate across teams to implement solutions that prevent future incidents.
     
  • Incident Response Planning & Documentation: Assist in developing, reviewing, and continuously improving incident response policies, playbooks, and procedures. Ensure all incidents are documented in line with industry best practices and legal requirements.
     
  • Mentoring & Leadership: Provide guidance, training, and mentorship to junior analysts and team members. Promote a collaborative and knowledge-sharing environment within the team.
     
  • Other duties as assigned.

QUALIFICATIONS:

Required:

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Relevant certifications such as CISSP, CISM, GCIH, CEH, or GCFA.

Preferred:

  • Master's degree in Information Security or a related field.

TECHNICAL/SOFT SKILLS

Required:

  • Problem Solving: Strong critical and analytical thinking, especially in high-pressure situations.
  • Collaboration: Team player with a collaborative mindset, eager to share knowledge and learn from others.
  • Attention to Detail: Thorough in documenting incidents and tracking resolutions.
  • Adaptability: Ability to adjust strategies in response to a rapidly evolving threat landscape.
  • Forensic Expertise: Proficient in forensic tools and techniques such as Axiom Cyber, FTK, or similar.
  • Security Technologies: Solid understanding of SIEM, firewalls, IDS/IPS, endpoint detection and response (EDR), and forensic analysis tools.

Preferred:

  • In-depth knowledge of industry standards and frameworks (e.g., NIST, MITRE ATT&CK, SANS).
  • Strong understanding of network protocols and operating systems (Windows, Linux). Experience with cloud security and incident response in cloud environments.
  • Experience with advanced persistent threats (APT) and large-scale cyberattack investigations.
  • Familiarity with security automation and orchestration tools.
  • Knowledge of scripting languages such as Python or PowerShell.
  • Experience with SIEM tools such as Sentinel, Splunk, ArcSight, or QRadar.
  • Business Intelligence and Analytics
  • Python or other methods to automate and orchestrate
  • Applied neural network solutions

EXPERIENCE

Required:

  • 5+ years of experience in cybersecurity, with at least 3 years in incident response or DFIR roles.

Preferred:

  • Experience handling significant cyber incidents, particularly in the cloud

LEADERSHIP SKILLS

Required:

  • Proven experience leading multidisciplinary teams through security incidents.
  • Strong communication skills with the ability to influence both technical IT teams and senior leadership.
  • Ability to mentor and guide junior analysts.

           

At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.

All applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender; sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law. 

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at [email protected].

RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or similar role to the one for which you are applying, excluding internships, you may be eligible for hire as an experienced associate.

RSM will consider for employment qualified applicants with arrest or conviction records in accordance with the requirements of applicable law, including but not limited to, the California Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the San Francisco Fair Chance Ordinance. For additional information regarding RSM’s background check process, including information about job duties that necessitate the use of one or more types of background checks, click here.

At RSM, an employee’s pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.

Compensation Range: $111,200 - $190,300

Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.

Top Skills

ArcSight
Axiom Cyber
Endpoint Detection and Response (EDR)
Firewalls
Forensic Tools
FTK
IDS/IPS
PowerShell
Python
QRadar
Sentinel
SIEM
Splunk
