Junior Security Analyst

About The Position

Requirements

• 1–3 years of security or IT operations experience including internships or co‑ops, with exposure to SIEM platforms, vulnerability assessment tools, and EDR technologies.
• Incident response familiarity including alert triage, containment, eradication, and post‑incident documentation, supported by use of ticketing/case‑management systems.
• Scripting proficiency in Python, PowerShell, or Bash for automation, log parsing, or detection development.
• Operating system expertise across Windows (AD, GPO, Event Logs, registry) and Linux/Unix (permissions, logs, processes, CLI tools).
• Networking fundamentals including TCP/IP, DNS, DHCP, HTTP/S, SMTP, SSH, RDP, plus familiarity with routing (BGP, MPLS), VLANs, firewalls, and segmentation.
• Web application security knowledge including OWASP Top 10, SQLi, XSS, and authentication weaknesses.
• Basic digital forensics capability including memory/disk artifact analysis during investigations.
• Threat intelligence literacy including interpreting IOCs, CVEs, and feeds such as VirusTotal or AbuseIPDB.
• Strong communication and documentation with the ability to produce clear incident reports and manage multiple priorities effectively.
• CompTIA Security+ required or in progress.

Nice To Haves

• Security tooling experience across SIEM (Splunk, Sentinel, QRadar), EDR (CrowdStrike, Defender XDR, SentinelOne), and vulnerability scanners (Nessus, Qualys, Rapid7).
• Threat intelligence and network analysis using platforms like Recorded Future, MISP, VirusTotal, and tools such as Wireshark, Zeek, Suricata, or Snort.
• Automation and cloud monitoring including SOAR (XSOAR, Splunk SOAR) and cloud security tools across AWS, Azure, or GCP.
• Identity, forensics, and PKI with exposure to IAM/PAM, digital forensics tools (Autopsy, FTK, Volatility), and certificate lifecycle management.
• Modern infrastructure security including container and Kubernetes security awareness.
• Preferred certifications such as CySA+, Network+, CEH, SC‑200, GSEC, or Splunk certifications.

Responsibilities

• Monitor and investigate security events across SIEM, EDR, IDS/IPS, and related platforms, performing triage, root‑cause analysis, and escalation as needed.
• Support incident response by analyzing alerts, containing threats (malware, phishing, unauthorized access), and documenting findings.
• Conduct vulnerability management through regular scanning, analysis, and tracking of remediation efforts.
• Analyze logs and network activity from firewalls, proxies, AD, cloud services, and endpoints to identify suspicious behavior.
• Enhance detection capabilities by tuning SIEM rules, correlation logic, and alert thresholds to improve fidelity.
• Produce clear reporting including incident summaries, dashboards, and documentation for audits and compliance.
• Collaborate with IT and engineering to coordinate remediation and share security guidance.
• Maintain security documentation such as runbooks, SOPs, and knowledge base articles while staying current on emerging threats.

Benefits

• discretionary bonus
• equity
• medical and other benefits