Cyber Security Analyst

Finance of America

About The Position

Responsible for conducting deep investigations into security events, correlating data across multiple platforms, and leading incident response activities for moderate-complexity threats. Refines detection logic, improves SOC workflows, and provides guidance to Level I analysts while serving as a technical escalation point.

Requirements

  • Minimum 3 years' experience in cyber security analysis or a related role.
  • Foundational understanding of networking, operating systems, and security principles.
  • Strong knowledge of security event triage, threat indicators, and common attack techniques (MITRE ATT&CK familiarity preferred).
  • Experience and working knowledge in: Azure/M365 Security (Entra ID sign-ins, Defender alerts, Audit Logs, Conditional Access), CrowdStrike Falcon (detections, host overview, process trees, investigations), Elastic/Kibana (search queries, dashboards, lenses, detection alerts), JIRA (ticket management, documentation, workflow transitions), and endpoint/network security fundamentals.
  • Experience performing incident containment and coordinating with IT or cloud engineering teams.
  • Ability to read and interpret logs from endpoints, cloud systems, email security tools, and authentication platforms.
  • Basic understanding of Windows and Linux system behaviors, processes, and common administrative commands.
  • Familiarity with phishing indicators, malware behaviors, user account anomalies, and suspicious network activity.
  • Ability to research new technologies, tactics, and techniques and incorporate that information into analytical processes.
  • Strong analytical thinking and problem-solving skills, including ability to follow playbooks accurately.
  • Ability to work in a fast-paced 24/7 SOC environment with shifting priorities and time-sensitive responses.
  • Clear written communication for documenting investigations and summarizing findings.
  • High attention to detail and disciplined adherence to procedures and evidence-handling standards.
  • Willingness to learn new tools, techniques, and detection methods, including shadowing senior analysts and participating in training.
  • Ability to work collaboratively with IT, security engineering, incident response, and management teams.
  • Ability to multitask, work on multiple events, and communicate with other team members virtually.
  • Ability to take initiative, work autonomously, and complete tickets as prioritized.

Nice To Haves

  • Scripting for automation or enrichment (Python, PowerShell)
  • Intermediate cloud security experience
  • Certifications (CySA+)

Responsibilities

  • Utilizes CrowdStrike, Azure/M365, Elastic/Kibana, and other enterprise tooling to correlate events across multiple data sources to identify patterns and emerging threats.
  • Leads investigations for escalated alerts involving endpoints, cloud identity, authentication, and network telemetry.
  • Performs containment actions such as host isolation, token revocation, and quarantine of malicious rules, following established Incident Response procedures and playbooks.
  • Reviews and tunes detections, lenses, dashboards, and alert thresholds to reduce false positives and improve actionable intelligence.
  • Participates in threat hunting missions and proposes hypotheses based on telemetry gaps or unusual environmental behavior.
  • Contributes to playbook updates, creation of new runbooks and playbooks, and continuous improvement of SOC operations.
  • Documents incident timelines, root causes, and recommended mitigations for wider organizational teams.
  • Maintains awareness of current threats, attack techniques, and organizational security policies.
  • Provides timely communication to senior analysts regarding suspicious activity, potential incidents, and operational risks.
  • Follows SOC procedures for incident response, containment actions, and enhanced monitoring tasks.
  • Participates in shift turnover briefings, contributes to daily operational reporting, and ensures accurate case hand-off.
  • Protects sensitive information and maintains strict confidentiality in all SOC work.
  • Performs other duties as assigned.

Benefits

  • Health, dental, vision, and life insurance, paid time-off benefits, flexible spending account, 401(k) with employer match, and ESPP
© 2026 Teal Labs, Inc