Cybersecurity Analyst - Incident Response

Post Date

Dec 11, 2025

Location

Irvine, California

ZIP/Postal Code

92618
US
Feb 13, 2026 Insight Global

Job Type

Contract-to-perm

Category

Security Engineering

Req #

OCC-263a4d40-f767-4288-b789-40a815781f24

Pay Rate

$46 - $57 (hourly estimate)

Job Description

Overview:
A large financial services customer based in Irvine, CA is seeking a Cyber Security Operations Analyst, focused on Incident Response. This individual will lead Incident Response, and act as a technical expert within the SOC. This team protects the organization from cyber threats. This role requires strong analytical skills, leadership in high-severity incidents, and deep knowledge of security tools and frameworks.

Responsibilities
• Lead and manage end-to-end security incident response, including detection, triage, containment, eradication, and recovery for incidents of all complexity levels.
• Act as incident commander for high-severity events, ensuring clear communication and timely resolution across internal teams and external partners.
• Collaborate with MSSP and internal stakeholders to validate escalations, refine detection logic, and maintain consistent workflows.
• Perform advanced threat detection, analysis, and hunting using SIEM, EDR, and telemetry tools; conduct root cause investigations and adversary emulation exercises.
• Develop and optimize queries, analytic rules, and automated playbooks to improve detection and response efficiency.
• Apply cybersecurity frameworks (MITRE ATT&CK, NIST CSF, NIST SP800-61r3) to ensure structured and repeatable investigation practices.
• Document and enhance incident response playbooks and runbooks; produce detailed reports, post-incident reviews, and executive summaries.
• Mentor junior analysts and contribute to SOC performance improvements through case reviews and metric analysis.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

• Bachelor’s degree in a related field preferred but not required.
• 5+ years of experience in a SOC or similar security environment.
• Expertise with SIEM, EDR, CSPM tools; strong skills in SQL/KQL/Cypher for data analysis.
• Proven ability to lead complex investigations and coordinate across technical and business stakeholders.
• Solid understanding of cybersecurity frameworks (MITRE ATT&CK, NIST CSF, NIST SP800-61r3).
• Excellent written and verbal communication skills; ability to translate technical findings into business-relevant narratives.
• Experience with log aggregation technologies and SIEM tuning processes.
• Preferred: CISSP, GIAC Certified Incident Handler, or similar certifications; experience in the mortgage industry.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.