Incident Response Analyst - Defensive Operations (Bucharest)

Bucharest, Romania

CrowdStrike

CrowdStrike is a global cybersecurity leader with an advanced cloud-native platform for protecting endpoints, cloud workloads, identities and data.

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

The Incident Response Defensive Operations (IRDO) team is seeking a detail-oriented, proactive Analyst to help drive strategic improvements to our Cybersecurity Incident Response program. This role is designed for someone who thrives at the intersection of operations, project management, and technical problem-solving.

You’ll work alongside Incident Response analysts and engineers to identify pain points in existing workflows, close capability gaps, and manage high-impact projects that enhance the efficiency, effectiveness, and overall analyst experience of the Cybersecurity IR team. You’ll also serve as a key liaison with our Threat Detection and Engineering (TIDE) team, ensuring smooth collaboration on detection engineering, automation, and improvements to our IR tooling.

As part of this role, you'll also contribute to the CSIRT Attack Surface Management program - an initiative focused on evaluating and improving the organisation’s ability to detect and respond to threats across critical domains including email, applications, networks, and endpoints.

 

What You'll Do:

  • Analyse incident response workflows to identify inefficiencies and friction points; propose and implement improvements.

  • Investigate operational and technical capability gaps, such as containment or access limitations, and coordinate efforts to close them.

  • Lead and support cross-functional projects aimed at improving IR tooling, processes, and analyst experience.

  • Build or coordinate the development of workflow automations that reduce manual overhead and streamline response processes.

  • Contribute to the CSIRT Attack Surface Management program by assessing detection coverage, visibility, and response readiness across key attack surfaces.

  • Serve as the intermediary between the IR team and TIDE, translating analyst needs into actionable engineering requirements and helping prioritize improvements.

  • Maintain visibility on evolving IR needs and ensure proactive delivery of scalable, reliable operational enhancements.

What You'll Need:

Education & Experience:

  • Bachelor's Degree (or equivalent experience) in a computer-related field

  • 3-5 years of experience in cybersecurity operations, incident response, or a similar domain (or equivalent combination of education and experience).

  • Hands-on experience with workflow automation, such as building automation playbooks, creating scripts, or leveraging tools like Tines, AWS Lambda, or SOAR platforms.

Technical Expertise:

  • Experience with ServiceNow, Jira, or similar workflow/ticketing tools

  • Strong IT background (networking fundamentals, systems) and expertise with OSX

  • Strong analytical and problem-solving skills with a passion for operational efficiency.

  • Experience with project management or process improvement in a technical environment.

  • Excellent communication and interpersonal skills; ability to interface with both technical and non-technical stakeholders.

  • Familiarity with cybersecurity technologies and concepts, particularly incident response, containment, and automation.

Analytical & Communication Skills:

  • Effective communication skills in English (verbal and written)

  • Ability to maintain strict confidentiality and operate independently in high-pressure situations

Preferred Skills & Attributes:

  • Scripting knowledge (e.g., Python, Perl, Bash, PowerShell)

  • Familiarity with Splunk or other advanced SIEM platforms

  • Experience with host and network forensics

  • Background in malware analysis

  • Familiarity with agile project management and compliance frameworks

  • Technical security certifications or advanced academic credentials

Benefits of Working at CrowdStrike:

  • Remote-friendly and flexible work culture

  • Market leader in compensation and equity awards

  • Comprehensive physical and mental wellness programs

  • Competitive vacation and holidays for recharge

  • Paid parental and adoption leaves

  • Professional development opportunities for all employees regardless of level or role

  • Employee Resource Groups, geographic neighbourhood groups and volunteer opportunities to build connections

  • Vibrant office culture with world class amenities

  • Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.

Tags: Agile Automation AWS Bash Compliance CrowdStrike CSIRT Forensics Incident response Jira Lambda Malware Perl PowerShell Python Scripting SIEM SOAR Splunk Threat detection

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Flex vacation Health care

Region: Europe
Country: Romania
