Cyber Incident & Threat Analyst #3280

Cyber Incident & Threat Analyst Contract Length: 12+ months Location: Austin or San Antonio, Texas (Hybrid) The Cyber Incident & Threat Analyst will be on the front lines of some of the highest stakes cybersecurity work in the state, hunting adversaries across Windows and Linux environments, reconstructing attacks from raw telemetry, and stepping up when chaos needs a calm, decisive voice. This is not a desk job watching dashboards. It is hands‑on forensic investigation, real‑time decision making under pressure, and the kind of work that protects critical infrastructure. If memory dumps, MITRE ATT&CK mapping, and bringing order to chaos sound like your kind of work, this role was built for you. Qualifications / Requirements A strong forensic background spanning both Windows and Linux, comfortable working through memory captures, disk images, and malware artifacts to figure out what actually happened Skilled at pulling together signals from multiple sources, endpoint, network, and threat intelligence, into one coherent picture of an attack from start to finish A natural translator who can take a messy, technical investigation and turn it into a report or executive briefing that makes sense to non-technical leadership Genuine fluency in how attackers operate, intrusion patterns, kill chains, and the kind of threat hunting that goes beyond just watching alerts scroll by Has run point during a live incident before, not just supported one, and is comfortable being the voice people look to when things are uncertain Background working within state, local, tribal, or critical infrastructure environments where coordination across multiple organizations is part of the job Experience enriching investigations through threat intel platforms or using orchestration tools to automate case handling and response workflows Willingness and ability to participate in a 24x7 on‑call rotation, supporting active incidents when needed Duties / Responsibilities Take ownership of incidents from the moment they are identified through containment, cleanup, and full recovery, across both Windows and Linux systems Dig into the forensic evidence, memory, disk, file systems, and malware behavior, to piece together exactly what an attacker did and how Step into the Incident Commander seat when needed, making calls, keeping everyone aligned, and being the calm center of an otherwise chaotic situation Connect the dots between adversary behavior and known attack frameworks, building a clear picture of intent and method Sort through the noise from security tools to separate real threats from false alarms Turn technical findings into timelines, written reports, and summaries that leadership and stakeholders can action on Work alongside partner agencies and critical infrastructure organizations when an incident spans more than one organization Spot opportunities to close gaps with better detection, tighter defenses, or smarter long‑term fixes Help the team get sharper after every incident, contribute to lessons learned and keep response playbooks current Stay ready to jump in around the clock when something urgent comes up Genius Road, LLC is proud to be a Certified Women’s Business Enterprise, an Equal Opportunity Employer and values diversity. All employment is decided on the basis of qualifications, merit and business need. #J-18808-Ljbffr Genius Road, LLC