Cybersecurity Analyst

Responsibilities 

• Analyze and respond to complex security incidents and alerts generated by SOC tools (e.g., SIEM, EDR, IDS/IPS)
• Investigate and resolve escalated incidents from Level 1 and Level 2 analysts, ensuring swift containment and remediation
• Lead investigations into cybersecurity incidents, including malware infections, data breaches, and insider threats
• Perform digital forensics to collect, analyze, and preserve evidence for legal or compliance requirements
• Provide incident reports with detailed root cause analyses and actionable recommendations
• Use threat intelligence to identify patterns and indicators of compromise (IOCs) relevant to the organization
• Work closely with junior analysts to provide guidance, training, and mentorship, fostering a culture of growth and knowledge-sharing
• Collaborate with IT, cybersecurity, and business stakeholder teams to implement and improve security controls
• Support the continuous improvement of SOC processes, tools, and technologies to enhance efficiency and effectiveness.
• Identify gaps in detection and response capabilities and recommend improvements to SOC leadership.

Qualifications:

• Minimum 7 years of experience in supporting cyber defense operations in highly complex enterprise networks. Experience in SOC, SIRT, or CSIRT capacities
• Experience in enterprise cybersecurity environment investigating targeted intrusions through complex network segments
• Expert understanding of Advanced Persistent Threat (APT), Cybercrime, and Hacktivist tactics, techniques, and procedures (TTPs)
• Subject Matter Expert in cybersecurity principles, threat lifecycle management, incident management
• Comprehensive knowledge of various operating systems (Windows, OS X, Linux), network protocols, and application layer protocols
• Demonstratable experience in scripting languages (may include Powershell, Python, PERL, etc.)
• Understanding of the Cyber Kill Chain methodology, the NIST framework, the MITRE ATT&CK framework, and SANS Critical Security controls
• Working knowledge in modern cryptographic algorithms and systems
• Experience working with and tuning signatures, rules, signatures, and security technologies (IDS/IPS, SIEM, Sandboxing tools, EDR, email security platforms, user behavior analytics
• Network design knowledge including security architecture
• Strong analytical and technical skills in network defense operations including experience with incident handling (detection, analysis, triage)
• Conceptual understanding of cyber threat hunting
• Prior experience and ability analyzing cybersecurity events to determine true positives and false positives. Including cybersecurity alert triage, incident investigation, implementing countermeasures, and managing incident response
• Previous experience with SIEM platforms and log aggregation systems that perform collection, analysis, correlation, and alerting
• Ability to develop rules, filters, views, signatures, countermeasures, and other cyber defense platforms as well as the ability to support analysis and detection continual improvement
• Knowledge of new and emerging cybersecurity technologies
• Ability to create technical documents as well as stakeholder sitreps and briefing documents

Preferred Qualifications:

• Deep Cybersecurity Operations Center experience in the following: intelligence driven detection, security principles, threat lifecycle management, incident management, digital forensics and investigations, network monitoring, endpoint monitoring, OT security principles
• CSOC Process Management experience, to include: process and procedure management, CSOC initiative management, continual operational improvement