IT Security Analyst (USI5)

VSE AVIATION INC (US), Miramar, FL
Onsite

About The Position

The IT Security Analyst II serves as the primary internal responder and a critical member of VSE’s cybersecurity defense team, responsible for proactive threat detection, in-depth analysis, and end-to-end incident response. This hands-on role owns the discovery, triage, investigation, and resolution lifecycle for all alerts escalated by VSE’s managed SOC partner, driving containment and remediation while coordinating with IT, Security, Application, Service Desk, and Infrastructure teams to minimize business impact. The IT Security Analyst II acts as a subject matter expert for key security technologies and plays a key role in continuously improving VSE’s overall security posture across its aviation aftermarket, distribution, manufacturing, and MRO operations.

Requirements

  • Bachelor’s degree in computer science, information security, or a related field; or equivalent combination of education, technical certifications, and relevant experience.
  • Minimum of 4–6 years of experience in cybersecurity operations, incident response, or related security domains.
  • Proven hands-on experience with SIEM, SOAR, EDR, and email security technologies.
  • Strong analytical skills and the ability to correlate logs across multiple systems to identify patterns and potential compromises.
  • Proficient with scripting languages such as PowerShell, Python, or similar to automate investigative tasks.
  • Working knowledge of Azure and Microsoft 365 security stacks, including Entra, Defender for Cloud, and Intune.
  • Understanding of cloud security principles (SaaS, PaaS, IaaS) and identity management concepts (MFA, PKI, RBAC).
  • Excellent communication, documentation, and interpersonal skills; able to articulate complex technical issues to non-technical stakeholders.
  • Ability to work independently, prioritize tasks effectively, and make sound decisions in high-pressure scenarios.
  • CompTIA Security+ CE (required).

Nice To Haves

  • Master’s degree.
  • Additional advanced certifications such as CySA+, CASP+, or SANS (GCIA, GCIH, GMON) are strongly preferred.
  • Experience in tuning SIEM detections and authoring correlation rules.
  • Hands-on experience with SentinelOne, CrowdStrike, or similar EDR services.
  • Experience conducting or participating in tabletop and red/purple team exercises.
  • Familiarity with MITRE ATT&CK framework and cyber kill chain analysis.
  • Familiarity with NIST CSF, 800-171, ISO 27001 or similar frameworks.
  • Demonstrated success leading cross-functional initiatives or incident response efforts.

Responsibilities

  • Own the triage and investigation of all security alerts and incidents in alignment with VSE’s Incident Response (IR) framework, serving as the primary responder and escalation point in coordination with VSE’s managed SOC partner.
  • Perform advanced analysis of security alerts from multiple sources to identify true positives, detect emerging threats, and recommend containment and remediation strategies.
  • Serve as the primary point of contact for escalated incidents from Tier I analysts and managed SOC partners.
  • Own and continuously improve the incident response playbooks, ensuring procedures evolve with threat intelligence and adversarial trends.
  • Develop and implement SIEM use cases, correlation rules, and dashboards to improve detection accuracy and operational efficiency.
  • Manage and maintain endpoint, email, and cloud security platforms — ensuring configurations, policies, and rules are optimized for evolving threats.
  • Conduct phishing simulations and user behavior analysis; lead targeted awareness campaigns for high-risk groups.
  • Perform root cause analysis for recurring incidents and propose technical or procedural remediation plans.
  • Collaborate closely with Network, Infrastructure, and Cloud teams to harden environments and ensure consistent enforcement of security controls.
  • Support security audits, penetration testing activities, and red/blue/purple team exercises — driving follow-up actions to closure.
  • Generate metrics, reports, and trend analysis to inform leadership and support continuous improvement initiatives.
  • Act as the technical lead for specific security domains (e.g., SOAR/SIEM operations, incident response).
  • Guide team members in threat analysis and incident handling.
  • Contribute to policy and process development, ensuring alignment with regulatory frameworks and industry best practices.
  • Lead post-incident reviews and lessons-learned sessions to improve detection and response maturity.
  • Other duties as assigned.
  • Engage directly with end users following a triggered security event (e.g., a phishing link clicked or malware executed), investigate the sequence of actions, determine scope and impact, and communicate required next steps to the user and the response team.
  • Coordinate with IT and infrastructure teams to isolate affected endpoints, remove them from the network, ensure account integrity, provide replacement assets if needed, and restore user productivity while minimizing business disruption.
  • Design and deliver targeted remedial training or awareness follow-up to users when security incidents occur, helping to reduce repeat events and strengthen the human element of defense.

Benefits

  • background check
  • drug testing