Incident Response Analyst (Morning Shift) at Piper Companies
New Carrollton, Maryland, USA
Full Time


Start Date

Immediate

Expiry Date

16 Nov, 25

Salary

80000

Posted On

16 Aug, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

PCAP, Malware Analysis, Packet Capture, Penetration Testing, Windows, OSI Model, Linux, Red Teaming, Wireshark, Python, Operating Systems

Industry

Information Technology/IT

Description

Zachary Piper Solutions is seeking an Incident Response Analyst to join a high-impact cybersecurity team supporting the IRS Cyber Security Incident Response Center (CSIRC). This role offers a unique opportunity to work in a non-tiered SOC environment where analysts have full access to all systems and tools, enabling deep learning and hands-on experience across the entire incident response lifecycle. This position will be onsite in New Carrollton, MD!

QUALIFICATIONS FOR THE INCIDENT RESPONSE ANALYST INCLUDE:

  • 2-6 years of cybersecurity experience in SOC/CIRT environments
  • Strong incident handling and investigation skills (hands-on analysts, not passive alert watchers)
  • Experience with Splunk SPL (Search Processing Language) for querying and analysis
  • Proficiency in packet capture (PCAP) analysis using tools like Wireshark
  • Solid understanding of networking fundamentals (OSI model, TCP/IP, DNS, firewalls, etc.)
  • Strong knowledge of Windows and Linux operating systems and kernel-level operations
  • Ability to obtain IRS Public Trust clearance (MBI review required; can start after initial approval)

HIGHLY PREFERRED QUALIFICATIONS:

  • Experience with attacker methodology, red teaming, or penetration testing
  • Scripting experience (Python preferred) for automation and threat detection
  • Experience correlating logs from multiple sources and developing detection rules
  • SANS GIAC certifications (e.g., GCIH, GCIA, GPEN)
  • Malware analysis and IoC extraction experience
  • Passion for cybersecurity demonstrated through extracurriculars (CTFs, Hack The Box, cyber clubs, home labs)

RESPONSIBILITIES FOR THE INCIDENT RESPONSE ANALYST INCLUDE:

  • Analyze network log data using tools such as Splunk ES, FireEye, Zscaler, NetWitness, Wireshark, and the Linux CLI
  • Perform proactive threat intelligence analysis using OSINT tools and techniques
  • Conduct incident response, signature tuning, and alert triage (AV/IDS/other)
  • Investigate and document incidents, correlate logs across multiple systems, and identify adversary TTPs
  • Develop alerting criteria and improve detection capabilities across Windows and Linux environments
  • Collaborate on scripting, automation, content development, malware analysis, and IoC extraction
  • Establish baselines for network traffic and data flow to identify anomalies
  • Support customer communications, RFIs, and incident follow-ups