Avnet is a global technology distributor and solutions company, and they are seeking a Cybersecurity Incident Response Analyst to enhance their incident response program. The role involves investigating cybersecurity incidents, supporting threat analysis, and improving detection and response processes while collaborating with a global team.
Investigates and responds to escalated cybersecurity incidents, including validation, scoping, containment, and recovery, while determining root cause, scope, and business impact
Analyzes activity across endpoint, network, cloud, and identity systems and correlates data across EDR, SIEM, and other telemetry sources to understand attacker behavior
Serves as an escalation point for SOC analysts by guiding investigations, improving triage quality, and helping ensure consistency in analysis
Performs proactive threat hunting using structured queries, threat intelligence, and observed activity to identify suspicious behavior beyond alert-driven detection
Identifies detection gaps and contributes to improving detections, use cases, workflows, and overall response quality
Maintains incident response playbooks, procedures, and investigation documentation, and develops clear incident reports and executive summaries for both technical and non-technical audiences
Takes ownership of investigative workstreams during complex incidents and, when needed, assumes the role of incident commander until relieved by senior staff
Participates in post-incident reviews and contributes to applying lessons learned to improve future detection and response
Other duties as assigned
Qualification
Required
Applicant must be a U.S. Person (for example, a U.S. citizen or lawful permanent resident / green card holder) eligible to access Controlled Unclassified Information (CUI)
Typically 1 to 3 years with bachelor's or equivalent
Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained
Strong written and verbal communication skills, including the ability to clearly explain what is happening, what it means, and what needs to happen next during active incidents
Ability to work effectively with SOC, engineering, infrastructure, and security teams to investigate and remediate threats
Demonstrates the ability to perform full investigations, including scoping, timeline reconstruction, root cause identification, and impact assessment
Experience operating within EDR and SIEM platforms and using multiple telemetry sources to conduct investigations
Ability to correlate activity across endpoint, identity, network, and cloud systems without relying on a single tool
Familiarity with MITRE ATT&CK and structured incident response practices aligned to frameworks such as NIST 800-61 Rev. 3
Experience improving detections, playbooks, or response workflows based on investigation findings and recurring patterns
Demonstrates the ability to take ownership during incidents and contribute to coordination or leadership of response activities
Preferred
Hands-on experience with the CrowdStrike Falcon platform (EDR, NG-SIEM, Fusion, or related modules) and familiarity with Falcon Query Language or LogScale is strongly preferred
Experience performing proactive threat hunting and identifying activity outside of alert-driven workflows
Experience improving detections, playbooks, or response workflows based on investigation findings and recurring patterns
Relevant certifications preferred but not required
Benefits
Generous Paid Time Off
401K and Pension Plan
Paid Holidays
Family Support (Paid Leave, Surrogacy, Adoption)
Medical, Dental, Vision, and Life Insurance
Long-term and Short-term Disability Insurance
Health Savings Account / Flexible Spending Account
Education Assistance
Employee Development Resources
Employee Wellness, Leadership Development and Mentorship Programs