Cybersecurity Ops Analyst Senior CIRT

About The Position

Requirements

• Support complex cybersecurity incident investigations
• Forensic log analysis
• Response activities across the enterprise
• Investigate escalated security cases
• Analyze security telemetry
• Perform forensic review
• Coordinate response actions
• Analysis across SIEM, EDR, endpoint telemetry, identity platforms, email security tools, network logs, cloud telemetry, and other enterprise security data sources
• Work laterally across the ESOC and the broader cybersecurity organization to investigate incidents, validate findings, coordinate response actions, and improve operational readiness
• Serve as an escalation point for high priority cases
• Translate technical investigation findings into clear operational recommendations
• Support playbook development
• Support purple team exercises
• Support tabletop exercises
• Support post incident reviews
• Support documentation
• Support process refinement
• Support knowledge sharing with other analysts

Responsibilities

• Take escalated cybersecurity cases and coordinate triage, investigation, containment, eradication, and recovery activities across affected systems, accounts, and environments.
• Conduct incident investigations using forensic analysis, SIEM, EDR, endpoint, identity, email, network, cloud, and other enterprise security telemetry to determine scope, impact, root cause, and potential data exposure.
• Coordinate approved remediation actions such as account disablement, session revocation, email purge, endpoint isolation, IP or URL blocking, access review, and other response actions needed to reduce risk and restore affected environments.
• Develop clear investigative timelines, case narratives, evidence summaries, technical findings, and response documentation to support operational decision making and post incident review.
• Work laterally across the ESOC and cybersecurity organization to validate findings, communicate risk, coordinate response activity, and support timely incident resolution.
• Identify detection gaps, control weaknesses, forensic visibility gaps, response gaps, and process improvement opportunities based on incident findings, case reviews, purple team activity, and tabletop exercises.
• Support purple team exercises by validating alerts, reviewing adversary emulation activity, identifying visibility gaps, and helping convert findings into improved monitoring, investigation, and response procedures.
• Lead tabletop exercises to validate response processes, escalation paths, communication workflows, analyst readiness, and cross functional coordination.
• Identify training gaps and provide training, mentoring, and knowledge sharing to junior team members to strengthen investigative quality, technical capability, and operational consistency across the ESOC.
• Create, maintain, and improve incident response playbooks, forensic investigation guides, case templates, escalation procedures, and operational documentation.
• Support threat hunting and proactive analysis efforts based on observed incidents, emerging threats, forensic findings, and enterprise risk priorities.
• Contribute to ESOC continuous improvement initiatives, including AI and automation, case management improvements, workflow refinement, documentation, and operational reporting.
• Support the ESOC’s 24/7/365 operational needs as required to maintain continuity of coverage during high priority incidents or elevated tempo events.
• Perform additional duties and support other operational tasks as assigned to meet mission and organizational needs.