Principal Incident Response Analyst
Remote - South Carolina - USA
We are looking for an accomplished, high-performing Principal Incident Response Analyst for our Threat Detection & Response team with experience performing digital forensics, incident response, and threat hunting. The Principal Incident Response Analyst is responsible for ensuring the confidentiality, integrity, and availability of critical information and IT assets. This role requires a deep understanding of cybersecurity principles, incident response methodologies, digital forensics, and the ability to work efficiently under pressure.
What you'll do:
Conduct in-depth analysis of security events and indicators to determine the nature and severity of incidents.
Respond promptly to security incidents, following established incident response procedures.
Coordinate and collaborate with cross-functional teams to contain and mitigate cyber threats effectively.
Perform forensic investigations to determine the root cause of incidents and develop appropriate remediation strategies.
Lead regular threat hunt activities to identify and investigate gaps in detection.
Utilize threat intelligence and industry best practices to enhance incident detection capabilities.
What you'll bring:
5+ years of cyber incident response experience in a large and complex environment. Relevant industry certifications are highly desirable (CISSP, GCIH, GCFA, GREM, ECIH).
Subject matter expertise with security tools and technologies, such as SIEM, IDS/IPS, EDR, and network monitoring solutions.
Strong knowledge of incident response methodologies, including containment, eradication, recovery, and common security frameworks (NIST, SANS, CSA).
Ability to acquire and analyze endpoint and network artifacts, volatile memory, malicious files/binaries and scripts.
Experience with forensic tools, such as EnCase, FTK, Axiom, Velociraptor, KAPE, EZ Tools, Autopsy, and THOR, to carry out digital forensic investigations.
Collaborate with other forensic analysts, law enforcement officers, and legal experts to identify methods and procedures for recovery, preservation, and presentation of computer evidence, ensuring proper precautions are taken in the preservation and prevention of spoliation of electronic evidence.
Blackbaud is a remote-first company which embraces a flexible remote work culture. Blackbaud supports hiring and career development for all roles from the location you are in today!
Blackbaud is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.
To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.
A notice to candidates: Recruitment Fraudulent Alert: Your personal information and online safety as a candidate mean a lot to us! At Blackbaud and our portfolio of companies, recruiters only direct candidates to apply through our official careers page at https://careers.blackbaud.com/us/en or our official LinkedIn page. Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers, or conduct interviews via Skype. Anyone suggesting otherwise is not a representative of Blackbaud. If you are unsure if a message is from Blackbaud, please email blackbaudrecruiting@blackbaud.com.
The starting base pay is $101,900.00 to $132,800.00. Blackbaud may pay more or less based on employee qualifications, market value, Company finances, and other operational considerations.
Benefits Include:
Medical, dental, and vision insurance
Remote-first workforce
401(k) program with employer match
Flexible paid time off
Generous Parental Leave
Volunteer for vacation
Opportunities to connect to build community and belonging
Pet insurance, legal and identity protection
Tuition reimbursement program
Job Profile
Tasks:
- Conduct analysis of security events
- Coordinate with teams
- Lead threat hunt activities
- Perform forensic investigations
- Respond to security incidents
- Utilize threat intelligence
Experience: 5 years
Timezones: America/Anchorage, America/Chicago, America/Denver, America/Los_Angeles, America/New_York, Pacific/Honolulu, UTC-10, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9