Cyber Defense Generalist – Americas

About The Position

Requirements

• Bachelor’s degree recommended; equivalent practical experience considered.
• 3–6+ years of experience in security operations, incident response, or cyber defense roles.
• Demonstrated hands-on experience investigating security alerts and incidents across endpoint, identity, cloud, SaaS, email, and network domains.
• Experience supporting regulated or customer-driven security environments.
• Practical experience with DLP investigation and response workflows, including handling sensitive data loss scenarios with discretion and defensible documentation.
• Practical experience in managing and operating a SIEM solution – from ingest to reporting.
• Working knowledge of threat intelligence consumption and basic threat hunting techniques.
• Experience collaborating with infrastructure, cloud, identity, and application teams during incident response or remediation activities.
• Strong written and verbal communication skills, with the ability to clearly document technical findings and explain risk and impact.
• Ability to operate effectively in a global, multi-time-zone environment while maintaining consistency with enterprise standards.
• Alignment with Ralliant values and the Ralliant Business System (RBS), including ownership, transparency, and continuous improvement.

Nice To Haves

• Familiarity with CMMC and NIST SP 800‑171 expectations is preferred.

Responsibilities

• Execute SOC operations including alert investigation, correlation, case management, escalation, and shift handoff in alignment with 24x7 operational coverage models.
• Perform incident response activities, including detailed analysis, containment support, evidence collection, and recovery coordination under direction of the incident commander.
• Support incident command by providing timely technical findings, impact assessments, and clear updates suitable for operational and executive audiences.
• Operate, tune and Manage SIEM (LogScale) for Security operations activities.
• Investigate and respond to DLP alerts, applying defined workflows, documentation standards, and escalation criteria, and coordinating with Legal, HR, and Privacy for sensitive cases.
• Conduct threat analysis and targeted threat hunting, identifying indicators of compromise, validating detections, and surfacing control gaps or improvement opportunities.
• Translate threat intelligence into actionable investigative steps, detection feedback, and response recommendations.
• Support exposure and vulnerability response activities by validating exploitability, assisting with risk-based prioritization, and tracking remediation or exception outcomes.
• Ensure high-quality documentation and evidence handling to support audits, customer inquiries, and regulatory obligations, particularly for regulated environments.
• Contribute to continuous improvement by providing feedback on detections, false positives, playbooks, and operational workflows.
• Participate in simulations, tabletop exercises, and after-action reviews, incorporating lessons learned into day-to-day execution.
• Follow RBS-aligned standard work, including runbooks, playbooks, checklists, and tooling, to ensure consistent, repeatable, and auditable operations.
• Partner with Cyber Defense Engineering to improve detection coverage and fidelity across endpoint, identity, cloud, SaaS, email, and network telemetry, including tuning to reduce false positives and increase high confidence detections.
• Execute threat hunts focused on both security and resilience, identifying control gaps, validating defensive assumptions, and improving readiness for high impact scenarios.