CSIRT Analyst

Reports to: Director of Product Security and Incident Response

Location: Remote US 

Compensation Range: $195,000 to $210,000 plus bonus and equity

What We Do:

Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Whether creating purpose-built security solutions, hunting down hackers, or impacting our community, our people go above and beyond to change the security game and make a real difference.

Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service.

We protect 4M+ endpoints and 7M+ identities worldwide, elevating underresourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting.

As a Staff CSIRT Analyst, you will be the cornerstone of Huntress’ internal security resilience. You will act as the primary internal escalation point from our SOC, ensuring we protect ourselves with the same rigor and products we use for our customers. In this role, you will strategize with leaders across multiple functions to identify work streams and own the end-to-end incident response lifecycle. You will guide teams, determine key milestones, and proactively anticipate blockers that could hinder our response capabilities.

• Incident Response & Triage: Lead the identification, triage, and validation of security incidents through various telemetry sources, acting as the ultimate escalation point for the SOC.
• Strategic Preparedness: Drive organizational incident readiness by designing and executing practical response exercises (tabletops and purple teaming) to ensure first responders are prepared at all levels of our organization.
• Telemetry Optimization: Partner with engineering, product security, and detection engineering teams to tune existing telemetry sources to a high true-positive rate, reducing noise and increasing detection efficacy.
• Offensive Security Partnership: Collaborate closely with the Offensive Security team to identify visibility gaps and ensure proper coverage against modern threat actor TTPs. Partner with product security, engineering, detection engineering, and other applicable business units to close these gaps rather than treating them as a blocker. 
• Continuous Improvement & Leadership: Lead cross-functional Post-Incident Reviews (PIRs) to extract critical lessons learned; own the lifecycle of resulting remediation tasks, driving specific tooling and process enhancements that harden organizational defenses and response against future threats.
• Stakeholder Communication: Develop and present comprehensive reports and "lessons learned" to stakeholders at all levels following major incidents or exercises.
• Documentation: Create and maintain playbooks, system configurations, and incident response standards to ensure scalability and supportability.

• Experience: 8+ years of experience in Incident Response, SOC Operations, or Digital Forensics (DFIR).
• Technical Expertise: Advanced knowledge of EDR/MDR platforms, log aggregation (SIEM/ELK), and cloud security environments (AWS/Azure/M365).
• Problem Solving: Proven ability to articulate the root cause of complex problems using first principles and translate insights into technical solutions.
• Strategic Thinking: Experience leading small project teams and aligning tech stacks across functions.
• Communication: Exceptional ability to convey complex technical incident details to both technical teams and executive leadership.
• Tooling: Familiarity with automation/SOAR platforms and documentation tools like Confluence, Jira, and Lucid Chart.
• Mindset: A proactive, forward-thinking approach to security with a passion for building "stewardship of culture" through inclusive and actionable security behaviors. 

What We Offer: 

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans 
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees 
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance 
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are. 

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.  

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations: 

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to [email protected]. Please note that non-accommodation requests to this inbox will not receive a response. 

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote