IT Security Operations Specialist

Fujifilm
Morrisville, NC
Hybrid

About The Position

Join us as an IT Security Operations Specialist and help safeguard a global, mission-driven organization. This hybrid analyst–engineer role sits at the heart of our Security Operations, combining hands-on threat monitoring, decisive incident response, and light administration of core security platforms to keep our environment resilient and secure.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or related discipline preferred; equivalent experience may be considered.
  • 5+ years of IT or cybersecurity experience, including at least 3 years in Security Operations (monitoring, triage, incident response).
  • Hands-on operational experience with CrowdStrike Falcon in an enterprise environment (required).
  • Experience using Splunk or another SIEM for investigations (searching, pivoting, dashboarding).
  • Familiarity with IOC/TTP analysis, MITRE ATT&CK, endpoint OS artifacts, and core network protocols (TCP/IP, DNS, HTTP/S, VPN, proxies).
  • Basic scripting/automation ability (PowerShell, Python, JSON).
  • Strong analytical, problem-solving, communication, and documentation skills.

Nice To Haves

  • Certifications: CrowdStrike CCFA/CCFR/CCFH, CompTIA Security+/CySA+, GIAC (e.g., GCIA, GCFA, GCIH).
  • Experience with Netskope (SWG, CASB, ZTNA, DLP) for alert triage and minor policy adjustments.
  • Experience tuning EDR/secure web gateway policies and collaborating within established change controls.
  • Demonstrated ability to create clear SOPs/runbooks and executive-ready operational metrics.

Responsibilities

  • Continuously monitor EDR/XDR alerts (primarily CrowdStrike Falcon), triage events, validate true/false positives, and escalate per playbooks and SLAs.
  • Execute incident response activities: containment, eradication, recovery, evidence handling, root cause analysis, documentation, and lessons learned.
  • Perform light CrowdStrike administration: sensor health/coverage, minor policy updates (prevention, firewall, device control), tuning detections, and basic RTR workflows under change control.
  • Investigate using Splunk, CrowdStrike, and Netskope: query logs/telemetry, pivot on IOCs/TTPs, correlate events, and create ad hoc searches to support IR.
  • Review Netskope alerts/events and make minor policy adjustments (e.g., category/exception tuning) per standards and CAB approvals.
  • Coordinate remediation with Infrastructure, Endpoint, Network, IAM, and Application teams; validate fixes and track to closure.
  • Produce operational and executive-ready reporting, trends, and metrics; support audit and compliance requests.
  • Maintain runbooks, SOPs, and knowledge base content to drive consistency and speed onboarding.
  • Intake threat intelligence and manage IOCs to enhance detections; align improvements to MITRE ATT&CK.
  • Automate repetitive tasks with PowerShell/Python/JSON following coding standards and change management.

Benefits

  • medical, dental, vision and prescription drug coverage with the option of a Health Savings Account with company contributions.
  • industry-leading 401(k) savings plan
  • insurance coverage
  • employee assistance programs
  • various wellness incentives
  • paid vacation time
  • sick time
  • company holidays