Level 2 Cyber Security Analyst

About The Position

Requirements

• 2–4 years of experience in a SOC, incident response, cyber analyst or security operations role.
• 2–4 years of hands-on experience working with at least one (1) of the following: Microsoft Defender for Endpoint (MDE), CrowdStrike EDR, SentinelOne EDR, Stellar Cyber XDR.
• Strong knowledge of attacker tactics and techniques aligned to MITRE ATT&CK, NIST, Lockhead Martin (e.g., persistence, privilege escalation, lateral movement, exfiltration).
• Solid understanding of Windows security fundamentals (event logs, authentication, common persistence locations) and basic Linux/macOS concepts.
• Familiarity with common security log sources and workflows (SIEM concepts, ticketing/case management, escalation processes).
• Ability to write clear incident documentation and communicate findings to both technical and non-technical stakeholders.
• Experience handling sensitive information and following documented procedures and change controls.
• Strong knowledge of the Windows and Linux operating systems.
• Ability to establish and maintain a strong level of customer trust and confidence.

Nice To Haves

• Experience with Microsoft security ecosystem (e.g., Defender for Identity, Defender for Cloud, Entra ID/Azure AD sign-in logs).
• Basic scripting/automation skills (PowerShell, Python, or Bash) for investigation and enrichment tasks.
• Familiarity with network security concepts, protocols (TCP/UDP, DNS, HTTP/S, TLS, proxies, VPNs), and packet/log analysis.
• Threat hunting experience and building detections based on behavioral analytics.
• Experience with vulnerability management and remediation tracking.
• MSSP experience.
• A bachelor’s/master's degree in cyber security or related field, or equivalent level of experience within IT.
• Security certifications (nice-to-have): Security+, CySA+, GCIH, GCIA, SC-200, or equivalent.

Responsibilities

• Monitor and triage security alerts from EDR/XDR, SIEM, and related security tooling; prioritize incidents based on risk and business impact.
• Investigate endpoint threats (malware, ransomware, credential theft, persistence, lateral movement) using Microsoft Defender for Endpoint (MDE), CrowdStrike EDR, SentinelOne EDR, and Stellar Cyber XDR.
• Perform incident response activities: evidence collection, scoping, containment, eradication, recovery, and post-incident reporting.
• Conduct endpoint and host-based analysis (process trees, command-line execution, registry changes, scheduled tasks, persistence mechanisms, network connections).
• Correlate telemetry across endpoint, identity, network, and cloud sources to confirm malicious activity and reduce false positives.
• Execute response actions (e.g., isolate host, kill/quarantine process, block indicators, remove persistence, enforce policy changes) in accordance with playbooks and approvals.
• Develop and maintain detection and response playbooks/runbooks for common attack scenarios (phishing, suspicious PowerShell, credential dumping, suspicious service creation, etc.).
• Create and tune alerting rules, exclusions, and detections to improve signal quality and reduce noise while maintaining security coverage.
• Document investigations thoroughly: timelines, IOCs, impacted assets/users, actions taken, and recommendations for prevention.
• Support threat hunting activities using EDR/XDR telemetry and threat intelligence to identify suspicious patterns and proactively reduce risk.
• Participate in on-call rotation and shift-based SOC coverage as required.
• Research security enhancements and make recommendations for management.
• Stay up to date on information technology trends and security standards.
• Train, mentor, and guide teammates through direct comms and by hosting knowledge transfer calls.

Benefits

• VirtualArmour Academy training