About The Position

At phia we hire talented and passionate people who are focused on collaborative, meaningful work—providing technical and operational subject matter expertise and support services to our partners and clients. phia is seeking a Cyber Threat Analyst to support cybersecurity integration efforts across a large‑scale enterprise environment. This role focuses on performing triage, threat detection, incident analysis, and automation development leveraging AI/ML capabilities. The ideal candidate has extensive hands‑on experience with SIEM, EDR, XDR, SOAR, and network security, along with strong analytical and communication skills that enable effective reporting, technical interpretation, and cross‑functional collaboration. This role requires a detail‑oriented cybersecurity SME capable of translating complex threat data into meaningful insights, developing use cases, and enhancing security program maturity.

Requirements

  • Cybersecurity professional with 7+ years of experience in security operations, threat hunting, and incident response.
  • Experienced analyzing alerts from Cloud, SIEM, EDR, and XDR tools—preferably SentinelOne, Armis, and Splunk.
  • Skilled in configuring network devices and analyzing network traffic.
  • Familiar with cybersecurity operations center (SOC) functions and enterprise security workflows.
  • Experienced working with AI/ML‑based security tools and developing SOAR use cases.
  • Proficient in configuring or re‑configuring tools such as SentinelOne and Splunk.
  • Knowledgeable in applying frameworks such as MITRE ATT&CK and NIST to develop actionable monitoring solutions.
  • Must hold at least one of the following certifications: CISSP, CISA, CISM, GIAC, RHCE.
  • BA/BS in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent hands‑on experience.
  • 7+ years supporting enterprise security operations, detection engineering, and incident response.
  • Extensive experience with SIEM/EDR/XDR platforms, network analysis, and security automation.
  • U.S. Citizenship required.
  • Ability to obtain Public Trust clearance.

Nice To Haves

  • Developing, testing, and implementing Risk‑Based Alerting (RBA).
  • Identifying RBA‑driven use cases and SOAR/AI‑ML automation opportunities.
  • Monitoring and analyzing alerts from IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne, and cloud security tools with recommendations for tuning.
  • Analyzing network traffic and providing evidence‑based recommendations.
  • Conducting vulnerability assessments of recently disclosed CVEs across enterprise systems.
  • Assisting with configuration or re‑configuration of enterprise security toolsets.
  • Performing host‑based analysis across diverse operating systems including Windows, Linux, UNIX, embedded systems, and mainframes.
  • Developing signatures for deployment across cybersecurity defense tools based on observed or emerging threats.
  • Testing, evaluating, and verifying hardware/software to validate compliance with requirements.

Responsibilities

  • Perform triage on all security escalations and detections to determine scope, severity, and root cause.
  • Monitor cybersecurity events, detect potential incidents, and conduct detailed investigations.
  • Identify, recommend, develop, and implement automation use cases leveraging AI/ML technologies.
  • Support deployment, configuration, testing, and maintenance of Security Orchestration, Automation, and Response (SOAR) platforms and AI/ML‑enabled tools to strengthen detection and response.
  • Provide ongoing support to the Program Manager as required.
  • Communicate complex technical information clearly to non‑technical audiences.
  • Influence stakeholders to comply with cybersecurity policies, standards, and best practices.

Benefits

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance