Cyber Threat Analyst (Intermediate)

Cherokee Federal
$107,000 - $115,000

About The Position

This position requires an active Public Trust clearance or the ability to obtain a Public Trust clearance to be considered. Cherokee Nation System Solutions, LLC is seeking a knowledgeable Security Analyst, Journeyman to join our cybersecurity team and support the organization’s efforts to protect data and networks from unauthorized access. The Security Analyst will provide technical expertise in information security standards, monitor network activity for potential threats, and perform in-depth security event analysis. This role requires advanced knowledge of network protocols, firewalls, disaster recovery operations, and security best practices. The ideal candidate will be proactive in identifying threats and solving complex technical issues to enhance the organization’s overall security posture.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field is preferred.
  • Minimum 3-5 years of experience in security analysis, with a strong understanding of network protocols, traffic analysis, endpoint forensics and artifacts.
  • Strong experience with Splunk (SPL, dashboards, correlation rules)
  • Experience analyzing:
      • Endpoint telemetry (EDR tools, host-based investigations)
      • Network traffic (packet analysis, NetFlow, IDS/IPS alerts)
      • Cloud logs (AWS and Azure)
  • Familiarity with AWS (e.g., CloudTrail, GuardDuty, VPC logs)
  • Familiarity with Microsoft Azure (e.g., Azure AD/Entra ID, Defender for Cloud)
  • Experience with Microsoft Defender XDR (endpoint, identity, email, and cloud)
  • Solid understanding of:
      • MITRE ATT&CK framework
      • Common attack Tactics, Techniques, and Procedures (TTPs)

Nice To Haves

  • Experience with SIEM tools and network monitoring systems.
  • Strong analytical and problem-solving skills with the ability to respond to complex security incidents.
  • Scripting or automation skills (Python, PowerShell, Bash)
  • Experience with SOAR platforms and automated response workflows
  • Knowledge of digital forensics and malware analysis (basic to intermediate)
  • Excellent communication skills, with the ability to clearly explain security issues and recommendations to technical and non-technical stakeholders.

Responsibilities

  • Monitor, analyze, and triage security alerts from multiple sources including SIEM, EDR/XDR, and network monitoring tools
  • Perform in-depth investigations of security incidents, including malware, phishing, lateral movement, and data exfiltration
  • Lead incident response activities and recommend containment, eradication, and recovery actions
  • Create incident reports documenting incident timelines, root cause analysis, and remediation recommendations
  • Analyze endpoint telemetry to identify suspicious behavior, persistence mechanisms, and exploitation techniques
  • Investigate network traffic (e.g., DNS, HTTP(S), NetFlow, PCAP) for indicators of compromise (IOCs) and attacker activity
  • Correlate endpoint and network data to identify threats and attack patterns
  • Monitor and investigate security events in AWS and Azure environments
  • Analyze CloudTrail, VPC flow, Azure Activity, and Azure AD/Entra ID logs to identify suspicious cloud activity
  • Support cloud incident response and recommend security improvements
  • Utilize Splunk for log analysis, correlation searches, and dashboard creation
  • Leverage Microsoft Defender XDR and Trellix Endpoint Security (HX) for threat hunting, alert triage, and response actions
  • Develop and tune detection rules to improve alert fidelity and reduce false positives
  • Create and maintain runbooks and standard operating procedures (SOPs)
  • Conduct proactive threat hunting across endpoint, network, and cloud environments
  • Integrate and apply threat intelligence to enhance detection and response capabilities
  • Identify gaps in visibility and recommend improvements
  • Act as escalation point for Tier 1 analysts
  • Provide guidance and training to junior analysts
  • Collaborate with to facilitate incident response and improve security posture

Benefits

  • Medical
  • Dental
  • Vision
  • 401K
  • Other possible benefits as provided
© 2024 Teal Labs, Inc