Cybersecurity Analyst

Berkeley Research Group, Washington DC, DC
$90,000 - $120,000

About The Position

BRG is seeking a Cybersecurity Analyst to support cybersecurity monitoring, investigation, and response activities across Microsoft 365, cloud services, and identity platforms. The role focuses on security event triage, incident support, remediation coordination, and validation of security controls aligned to BRG standards (least privilege, secure configuration baselines, and audit-ready documentation). The position requires prior cybersecurity experience and the ability to operate both independently and within a structured team environment.

Requirements

  • Demonstrated cybersecurity fundamentals and practical experience triaging alerts, validating suspicious activity, and documenting incident findings.
  • Working knowledge of identity security concepts and telemetry, including Entra ID/Azure AD sign-in activity, risky users/sign-ins, roles/groups, MFA, and conditional access principles.
  • Strong background in Active Directory, Entra ID (Azure AD), and enterprise user lifecycle/access management, including provisioning/deprovisioning, group-based access, privileged account handling, and access governance practices in a tiered AD environment.
  • Familiarity with Microsoft security tooling and workflows (Microsoft Defender and/or Microsoft Sentinel), including log review and evidence collection; KQL familiarity is preferred.
  • Hands-on familiarity with vulnerability and security monitoring platforms, including Tenable/Nessus (including Tenable.io), Netwrix, and Zscaler, with the ability to interpret findings and support remediation tracking.
  • Understanding of endpoint and server security concepts on Windows platforms, including common attack patterns, persistence indicators, and response actions.
  • Strong written and verbal communication skills with the ability to document technical information clearly for both technical and non-technical audiences.
  • Strong organizational skills with the ability to manage multiple priorities and maintain attention to detail in a regulated enterprise environment.
  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field; equivalent practical experience considered.
  • Minimum of two (2) years of hands-on cybersecurity experience in security monitoring, incident response support, threat triage, or a related security-focused role.
  • Candidate must be able to submit verification of his/her legal right to work in the U.S., without company sponsorship.

Nice To Haves

  • Familiarity with PowerShell or automation concepts is preferred; ability to use existing scripts and procedures safely is valued.
  • Relevant certifications are a plus (not required), such as Security+, SC-200, AZ-500, or equivalent.
  • Ability to travel occasionally for key meetings or collaboration sessions, as needed.
  • Availability to participate in periodic after-hours incident support in rotation, as applicable.

Responsibilities

  • Monitor and triage security alerts and events across Microsoft security platforms and related tooling, documenting findings, severities, and recommended actions in accordance with established procedures.
  • Conduct initial investigation and evidence collection for security incidents involving identity compromise, endpoint threats, suspicious email activity, and cloud security findings; escalate complex or high-severity cases to senior staff.
  • Coordinate and track remediation efforts for security findings (vulnerabilities, misconfigurations, risky sign-ins), including verification, closure documentation, and status reporting.
  • Support identity and access security processes, including privileged access workflows, access reviews, and enforcement/validation of baseline identity controls aligned to least-privilege standards and approval requirements.
  • Support user and access management activities within a tiered Active Directory security model, including adherence to administrative tiering, privileged account separation, and controlled role assignment practices across Active Directory and Entra ID.
  • Assist with routine security control validation across Microsoft 365 and cloud services, including posture checks, policy effectiveness verification, and operational reporting.
  • Maintain and improve operational documentation (runbooks, SOPs, knowledge articles) based on recurring work, trend analysis, and lessons learned.
  • Participate in scheduled maintenance windows and security validation activities as needed.