Staff CSIRT Analyst
Huntress
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
About Huntress
Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service. We protect 4M+ endpoints and 7M+ identities worldwide, elevating underresourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting.
What You'll Do as a Staff CSIRT Analyst
As a Staff CSIRT Analyst, you will be the cornerstone of Huntress’ internal security resilience. You will act as the primary internal escalation point from our SOC, ensuring we protect ourselves with the same rigor and products we use for our customers. In this role, you will strategize with leaders across multiple functions to identify work streams and own the end-to-end incident response lifecycle. You will guide teams, determine key milestones, and proactively anticipate blockers that could hinder our response capabilities.
Responsibilities
- Incident Response & Triage: Lead the identification, triage, and validation of security incidents through various telemetry sources, acting as the ultimate escalation point for the SOC.
- Strategic Preparedness: Drive organizational incident readiness by designing and executing practical response exercises (tabletops and purple teaming) to ensure first responders are prepared at all levels of our organization.
- Telemetry Optimization: Partner with engineering, product security, and detection engineering teams to tune existing telemetry sources to a high true-positive rate, reducing noise and increasing detection efficacy.
- Offensive Security Partnership: Collaborate closely with the Offensive Security team to identify visibility gaps and ensure proper coverage against modern threat actor TTPs. Partner with product security, engineering, detection engineering, and other applicable business units to close these gaps rather than treating them as a blocker.
- Continuous Improvement & Leadership: Lead cross-functional Post-Incident Reviews (PIRs) to extract critical lessons learned; own the lifecycle of resulting remediation tasks, driving specific tooling and process enhancements that harden organizational defenses and response against future threats.
- Stakeholder Communication: Develop and present comprehensive reports and "lessons learned" to stakeholders at all levels following major incidents or exercises.
- Documentation: Create and maintain playbooks, system configurations, and incident response standards to ensure scalability and supportability.
What You Bring To The Team
- Experience: 8+ years of experience in Incident Response, SOC Operations, or Digital Forensics (DFIR).
- Technical Expertise: Advanced knowledge of EDR/MDR platforms, log aggregation (SIEM/ELK), and cloud security environments (AWS/Azure/M365).
- Problem Solving: Proven ability to articulate the root cause of complex problems using first principles and translate insights into technical solutions.
- Strategic Thinking: Experience leading small project teams and aligning tech stacks across functions.
- Communication: Exceptional ability to convey complex technical incident details to both technical teams and executive leadership.
- Tooling: Familiarity with automation/SOAR platforms and documentation tools like Confluence, Jira, and Lucid Chart.
- Mindset: A proactive, forward-thinking approach to security with a passion for building "stewardship of culture" through inclusive and actionable security behaviors.
What Huntress Offers
- 100% remote work environment - since our founding in 2015
- Generous paid time off policy, including vacation, sick time, and paid holidays
- 12 weeks of paid parental leave
- Highly competitive and comprehensive medical, dental, and vision benefits plans
- 401(k) with a 5% contribution regardless of employee contribution
- Life and Disability insurance plans
- Stock options for all full-time employees
- One-time $500 reimbursement for building/upgrading home office
- Annual allowance for education and professional development assistance
- $75 USD/month digital reimbursement
- Access to the BetterUp platform for coaching, personal, and professional growth
Key skills/competency
- Incident Response
- SOC Operations
- Digital Forensics (DFIR)
- EDR/MDR Platforms
- SIEM/ELK
- Cloud Security (AWS/Azure/M365)
- Threat Actor TTPs
- SOAR Platforms
- Stakeholder Communication
- Strategic Preparedness
How to Get Hired at Huntress
- Research Huntress's mission: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Highlight incident response leadership: Showcase experience in end-to-end incident management and cross-functional leadership.
- Emphasize technical expertise: Detail proficiency with EDR, SIEM, and cloud security platforms like AWS/Azure/M365.
- Showcase strategic thinking: Provide examples of driving incident readiness, purple teaming, and aligning tech stacks.
- Demonstrate communication skills: Prepare to discuss conveying complex technical incidents to all organizational levels effectively.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background