Job Title Incident Response Analyst
Department Digital Forensics and Incident Response (DFIR)
Reports To DFIR Practice Lead
Experience 2 to 5 Years
Employment Type Full-Time
Location United States (Remote / Hybrid)
Clearance Must be eligible to work in the United States
ABOUT SEVN-X

SEVN-X is a US-based cybersecurity consulting firm specializing in Digital Forensics and Incident Response, penetration testing, compromise assessments, and managed security services. Our team is made up of senior practitioners with deep, hands-on experience responding to real incidents across enterprise environments. We work with clients in financial services, healthcare, energy, manufacturing, and other regulated industries to find, contain, and understand threats before they become catastrophic. We do not outsource. Every engagement is staffed and executed by our own people.

ROLE SUMMARY

SEVN-X is looking for an experienced Incident Response Analyst to join our DFIR team. In this role you will work directly on client engagements responding to active incidents, conducting forensic investigations, and supporting threat hunting operations. You will work alongside senior examiners and analysts in a fast-paced consulting environment where no two cases are the same. Strong technical skills, professional report writing, and the ability to communicate findings clearly to both technical and executive audiences are essential.

RESPONSIBILITIES

  • Respond to client security incidents including ransomware, business email compromise, insider threat, and network intrusions
  • Conduct host-based and network-based forensic investigations using industry-standard tooling
  • Perform forensic acquisition and analysis of disk images, memory captures, log data, and cloud artifacts
  • Conduct threat hunting operations within client environments using EDR platforms and SIEM data
  • Analyze Windows forensic artifacts including MFT, registry hives, event logs, LNK files, prefetch, and shellbags
  • Document findings in clear, professionally written reports suitable for legal, executive, and technical audiences
  • Communicate investigation status and findings to client stakeholders throughout the engagement lifecycle
  • Support compromise assessments including deployment and review of endpoint detection tooling
  • Maintain accurate case notes and chain of custody documentation throughout investigations
  • Contribute to internal knowledge base, playbooks, and tooling development
  • Stay current on threat actor TTPs, emerging attack techniques, and developments in the forensics and IR community

REQUIRED QUALIFICATIONS

  • 2 to 5 years of hands-on experience in incident response, digital forensics, or a closely related function
  • GIAC Certified Forensic Analyst (GCFA) certification required
  • Demonstrated experience with the following tooling:
    • Magnet AXIOM for mobile and computer forensic acquisition and analysis
    • X-Ways Forensics for disk-level forensic examination and artifact analysis
    • CrowdStrike Falcon for EDR-based threat hunting, detection review, and incident scoping
    • SentinelOne for endpoint detection, response, and forensic data collection
    • Nextron THOR / THOR Lite for compromise assessment and IOC scanning
  • Cyber Triage for rapid triage and automated incident scoping
    • Open source tooling including Hayabusa and Chainsaw for Windows event log analysis and threat hunting
  • Strong working knowledge of Windows forensic artifacts and the investigative value of each
  • Experience conducting IR investigations in Active Directory and Microsoft 365 environments
  • Ability to read and interpret malware behavior, attacker TTPs, and MITRE ATT&CK framework mapping
  • Professional report writing skills with the ability to produce clear, accurate, and well-organized findings documents under deadline
  • Strong verbal communication skills and ability to present findings to non-technical stakeholders

PREFERRED QUALIFICATIONS

  • Additional GIAC certifications such as GCFE, GCTI, GREM, or GCIA
  • Experience with cloud forensics in AWS, Azure, or Microsoft 365 environments
  • Familiarity with DFIR case management platforms such as DFIR-IRIS or similar
  • Experience supporting legal matters including civil litigation, regulatory investigations, or law enforcement referrals
  • Working knowledge of Velociraptor, KAPE, or similar rapid triage and artifact collection frameworks
  • Scripting or automation experience in Python or PowerShell for forensic and IR workflows
  • Familiarity with network forensics including PCAP analysis and NetFlow review
  • Experience in a consulting or professional services environment
  • Exposure to log aggregation platforms such as Elastic, Splunk, or Microsoft Sentinel

WHAT WE OFFER

  • Competitive compensation commensurate with experience
  • Exposure to a wide range of client environments, industries, and incident types
  • Collaborative team of senior practitioners who take the work seriously
  • Support for professional development and certification advancement
  • A firm that does not outsource and does not cut corners

SEVN-X is an equal opportunity employer. All applicants must be authorized to work in the United States. This position may require occasional travel to client sites.