Cyber Incident Response Analyst

Location: US-TX-San Antonio
Job ID: 2026-7962
Number of Positions: 1
Experience (Years): 5
Category: Security
Deadline Date: 7/8/2026
Duration (Hours): 2080
Duration (Months): 12
Visa Restrictions: Authorized to work in the US

Overview

Texas GovLink, Inc. is an Austin-based firm that has been a leading provider of technical and business professionals to clients in Texas. We are currently seeking an experienced Cyber Incident Response Analyst to be a key resource on a technical services team.

Texas GovLink offers its family of consultants excellent rates, a local support staff, and an attractive benefits package which includes medical insurance (TGL shares a percentage of the cost), life insurance, a matching 401(k) plan and a cafeteria plan.

Candidates selected for interview will be required to undergo criminal background checks and may be required to complete a drug screen in accordance with Federal and State Law. Offers of employment are contingent on a successful background check.

Texas GovLink is an equal opportunities employer.

Responsibilities

  • Perform advanced incident response across Windows and Linux environments, including triage, containment, eradication, and recovery.
  • Conduct host-based forensics, including log analysis, memory capture, file system review, and malware behavior analysis.
  • Serve as Incident Commander during cybersecurity events, coordinating actions, documenting decisions, and communicating with leadership and affected agencies.
  • Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings to MITRE ATT&CK.
  • Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring tools.
  • Produce incident reports, timelines, and executive summaries for statewide stakeholders.
  • Support multi-agency response operations, including SLTT partners and critical infrastructure entities.
  • Provide recommendations for detection improvements, hardening, and long-term mitigation.
  • Participate in post-incident reviews, lessons learned, and playbook updates.
  • Maintain readiness for 24x7 response through on-call rotation or surge support.

Qualifications

Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

| Years | Required/Preferred | Experience |
|---|---|---|
| 5 | Required | Advanced host‑based forensics across Windows and Linux, including memory, disk, and malware analysis, using telemetry from NetWitness, Gravwell, Google SecOps, and Corelight to validate findings and reconstruct attacker activity. |
| 5 | Required | Ability to correlate host, network, and intelligence data from CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and NetWitness to build complete incident timelines. |
| 5 | Required | Experience producing high‑quality incident reports and executive summaries using evidence collected from Gravwell, NetWitness, Corelight, and case management workflows. |
| 4 | Required | Strong understanding of adversary TTPs, intrusion kill chains, and threat hunting methodologies using packet‑level and log‑level data from, but not limited to, Corelight, NetWitness, and CRIBL pipelines. |
| 3 | Required | Incident Commander experience |
| 1 | Required | Experience supporting SLTT or critical infrastructure environments, including multi‑tenant IR operations and cross‑agency coordination. |
| 5 | Preferred | Proficiency with threat intelligence platforms, including Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant, to enrich investigations, validate indicators, and map activity to MITRE ATT&CK. |
| 5 | Preferred | Hands‑on experience using Cyware CSAP for incident orchestration, automated enrichment, case creation, and workflow execution across SIEM, IPS, EDR, and ticketing systems. |
| 4 | Preferred | Security Certifications Preferred (CISSP, CIH, Sec+) |
