About The Position

At phia we hire talented and passionate people who are focused on collaborative, meaningful work—providing technical and operational subject matter expertise and support services to our partners and clients. phia is seeking a Threat Management Specialist (Tier 2) to perform deep‑dive incident analysis, correlate security data from multiple sources, and determine the impact to critical systems and datasets. This role focuses on threat detection, network traffic analysis, incident response, and leveraging AI/ML and SOAR technologies to strengthen CSOC efficiency and accuracy. The ideal candidate brings strong technical expertise across IDS/IPS, SIEM, EDR/XDR, cloud security, and machine learning–enhanced threat detection, along with excellent analytical and communication skills. This role requires a detail‑oriented cybersecurity professional capable of executing playbooks, performing advanced investigations, and contributing to continuous SOC improvement through automation and AI-driven enhancements.

Requirements

  • Cybersecurity professional with 3+ years of IT security experience, including exposure to AI/ML projects.
  • At least 2+ years of experience in network traffic analysis.
  • Strong working knowledge of Boolean logic, TCP/IP fundamentals, threat management, and network‑level exploits.
  • Experienced with IDS/IPS technologies, architectures, and signature development (signature‑ and anomaly‑based detection).
  • Skilled in cloud security across AWS, Azure, and GCP environments.
  • Hands‑on experience using SOAR platforms and supporting cybersecurity automation.
  • Proficient in using ML frameworks to develop, train, and deploy models for anomaly detection or behavioral analysis.
  • Strong data analysis and feature engineering skills across logs, network traffic, and large datasets.
  • Familiar with AI/ML use cases in cybersecurity such as automated threat detection, incident response automation, and predictive analytics.
  • Knowledgeable in applying control frameworks and risk management techniques.
  • Excellent oral and written communication skills with strong interpersonal and organizational abilities.
  • Understanding and experience identifying and implementing automation use cases.
  • BA/BS in Cybersecurity, Computer Science, Information Technology, or a related field or equivalent hands‑on experience.
  • Relevant certifications such as GCED, GSEC, CISSP, or SSCP desired.
  • U.S. Citizenship required.
  • Ability to obtain Public Trust clearance.

Nice To Haves

  • Experience tuning and maintaining IDS/IPS technologies.
  • Cloud security experience across AWS, Azure, and GCP.
  • Hands‑on SOAR platform experience.
  • Machine learning model development for threat detection and analytics.
  • Advanced network traffic analysis and evidence‑based recommendations.
  • Experience performing threat intelligence analysis using ML‑enhanced tools.
  • Strong understanding of IDS/IPS signature creation and detection methodologies.
  • Experience evaluating AI/ML solutions within SOC environments is a plus.

Responsibilities

  • Identify cybersecurity issues and recommend appropriate mitigating controls.
  • Analyze network traffic to detect exploit attempts, intrusions, and anomalous activity.
  • Recommend and develop detection mechanisms for exploit and intrusion‑related threats.
  • Provide subject matter expertise on network-based attacks, traffic analysis, and intrusion methodologies.
  • Escalate complex items requiring deeper investigation to senior members of the Threat Management team.
  • Execute operational processes in support of incident response activities.
  • Utilize AI/ML‑based tools to detect anomalies, automate triage, and enhance threat intelligence operations.
  • Perform threat intelligence research and analysis, using ML‑enhanced tools to assess risk and adapt defenses.
  • Manage email security with Proofpoint, monitor for threats, and respond to attacks promptly.
  • Configure and use Splunk for log analysis, alert creation, event monitoring, and incident investigation.
  • Configure and use Firepower for network monitoring, traffic analysis, and enforcement of security policies.
  • Deploy and manage SentinelOne agents, monitor alerts, and perform host‑based security assessments.
  • Monitor and respond to alerts across platforms including Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Azure Entra ID, and Google Cloud SCC.
  • Perform threat detection, investigate suspicious activity, coordinate incident response, and implement remediation.
  • Tune security policies and maintain visibility across cloud and endpoint environments.
  • Support continuous improvement of the organization’s security posture.
  • Stay current on cybersecurity trends, threat actors, and advancements in AI/ML research.
  • Identify, recommend, and implement automation use cases—leveraging AI/ML to enhance SOC capabilities.
  • Collaborate with operations teams to drive SOC enhancements through automation and AI integration.

Benefits

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance
© 2024 Teal Labs, Inc