Cybersecurity Analyst

Wynn Resorts, Las Vegas, NV
About The Position

The Cybersecurity Analyst is a critical member of our InfoSec team, responsible for safeguarding the integrity, confidentiality, and availability of Wynn’s data and systems. You’ll leverage advanced security tools, automation, and threat intelligence to proactively defend against evolving cyber threats across on-premises, cloud, and hybrid environments.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field—or equivalent work experience.
  • 2–5+ years hands-on experience in security operations, SOC, or similar roles, including alert triage, incident response, log investigation, EDR/IDS/Firewall monitoring, or SIEM operations.
  • Proficiency with SIEM, EDR/XDR, firewalls/IDS, identity management, endpoint monitoring, and log analysis.
  • Basic scripting skills (Python, PowerShell) for automation and analysis.
  • Experience with cloud security monitoring and incident response (AWS, Azure, GCP).
  • Knowledge of security frameworks (NIST, ISO, CIS) and regulatory compliance (PCI-DSS, HIPAA, GDPR).
  • Strong analytical thinking, investigative mindset, attention to detail, and ability to handle ambiguous or incomplete data.
  • Excellent communication skills—written and verbal—to document incidents, interact with stakeholders, and explain technical issues to non-technical audiences.
  • Ability to work collaboratively, adapt to changing priorities, and operate under pressure.

Nice To Haves

  • Previous experience in hospitality, gaming, or large enterprise environments (casino/resort operations a plus).
  • Familiarity with data classification, data loss prevention (DLP), and data access monitoring.
  • Experience with vulnerability management, patch management, or security compliance frameworks.
  • Certifications: CompTIA Security+, CySA+, CEH, CISSP, CISM, GIAC, or cloud security certifications (AWS Certified Security, Azure Security Engineer) preferred.

Responsibilities

  • Monitor security alerts and logs across SIEM, EDR/XDR, firewalls/IDS, email security, identity management, and cloud platforms to identify potential security incidents.
  • Perform multi-level triage (Level 1–3): assess alerts, validate relevance/impact, escalate or close as appropriate.
  • Conduct deep investigations of confirmed incidents, including event timeline reconstruction, scope determination, containment, and remediation recommendations.
  • Correlate data across identity, endpoint, network, application, and cloud sources to identify suspicious activity (e.g., abnormal logins, privilege escalation, data exfiltration).
  • Consume, analyze, and operationalize threat intelligence feeds to proactively identify emerging threats.
  • Develop and use scripts (Python, PowerShell) to automate detection, investigation, and reporting tasks.
  • Conduct vulnerability scans, risk assessments, and basic penetration testing; coordinate remediation with IT teams.
  • Support patch management and ensure alignment with security frameworks (NIST, ISO, CIS) and regulatory compliance (PCI-DSS, HIPAA, GDPR).
  • Support or deliver security awareness training and phishing simulations for staff.
  • Collaborate with IT, compliance, business units, and senior InfoSec engineers to coordinate incident response and remediation efforts.
  • Generate clear, high-quality incident and investigation reports for technical and business audiences.
  • Maintain and update inventories of critical assets: identity stores, privileged accounts, data stores, endpoints, applications.
  • Tune and improve detection rules, playbooks, and runbooks based on incident learnings and the evolving threat landscape.
  • Leverage SOAR and AI/ML tools to enhance SOC efficiency and threat detection.
  • Participate in periodic security audits, reviews, and preparedness exercises.
  • Provide on-call support for after-hours incident detection and response, as required.