Cybersecurity Operations Analyst

Versant Health, Troy, NY

About The Position

The Cybersecurity Operations Analyst supports and advances the organization’s Information Security program by protecting the enterprise against evolving cyber threats. This role is responsible for participating in incident response activities, investigating and analyzing security events, optimizing security controls, and collaborating cross‑functionally to strengthen the organization’s overall security posture. The Cybersecurity Operations Analyst provides hands‑on technical leadership through proactive threat hunting and the continuous enhancement of detection and response capabilities. This position contributes to the ongoing evolution of Versant Health’s cybersecurity operations by leveraging leading security technologies, partnering with internal stakeholders, and staying current on emerging threats and attack methodologies.

Requirements

  • 3+ years of experience in cybersecurity, with a focus on security operations and incident response
  • Hands‑on experience administering and maintaining SIEM, EDR, and related security tools
  • Understanding of networking concepts, TCP/IP, Active Directory, DNS, DHCP, and network defense technologies
  • Proficiency with Windows, Linux, and macOS operating systems
  • Experience with cloud security platforms (e.g., AWS, Azure)
  • Knowledge of secure engineering principles and technical security testing methodologies
  • All Associates must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures.
  • As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times.
  • As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program.

Responsibilities

  • Routinely audit and validate security control coverage (e.g., XDR, ZTNA, DLP) to ensure tools are operating effectively and protect 100% of intended assets.
  • Partner with the SOC to ensure log integrity across security and non-security systems; validate alert scope, fidelity, and thresholds.
  • Monitor the health and performance of security tools, performing root cause analysis when agents fail or policies are not properly applied.
  • Serve as the Tier 2 escalation point for the SOC and lead the full incident response lifecycle, from containment through recovery.
  • Conduct proactive threat hunting using threat intelligence, SOC findings, and behavioral analysis to identify threats that bypass automated controls.
  • Analyze threat intelligence to inform defensive strategies and continuously improve detection capabilities.
  • Collaborate with the SOC to develop, refine, and maintain incident response playbooks aligned to business context.
  • Monitor and analyze security alerts from SIEM, EDR, and other tools to identify and respond to potential threats.
  • Implement and enforce security controls, policies, and procedures to protect organizational assets.
  • Engage in the development and execution of recurring security wargames, including scenario design and cross-functional participation.
  • Actively participate in blue team activities focused on defensive security, detection, and incident response.
  • Collaborate in purple team exercises to validate detection and response effectiveness against real-world attack scenarios.
  • Participate in internal red team exercises, penetration tests, and simulated attacks to identify security gaps and control weaknesses.
  • Perform adversary emulation by modeling tactics, techniques, and procedures (TTPs) of known threat actors.
  • Share insights, lessons learned, and intelligence across teams to continuously improve security posture.
  • Use findings from offensive testing to optimize SIEM rules, EDR/CASB/SWG policies, firewall configurations, and other security controls.
  • Configure, maintain, and optimize a broad portfolio of security technologies, including: Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Attack Surface & Exposure Management (ASM/AEM), Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Data Loss Prevention (DLP).
  • Respond to and resolve security-related tickets and user inquiries.
  • Provide guidance and best practice recommendations to end users and IT partners.
  • Troubleshoot security tool issues and perform root cause analysis.
  • Create and maintain detailed documentation for incident response procedures, security tool configurations, and security advisories.
  • Generate and present reports on security incidents, trends, and overall security posture to management.
  • Communicate clearly and effectively with stakeholders during and after security incidents.

Benefits

  • medical, dental, and paid vision coverage
  • paid time off and company holidays
  • retirement savings with employer contribution
  • employee wellness resources
  • professional development opportunities
  • flexible work arrangements
  • employee assistance programs