Security Analyst II (Remote, M-F 5pm - 1am CT)

ForesiteOverland Park, KS
Remote

About The Position

Foresite is seeking a Security Analyst II who has a passion for security, a keen eye for detail, and a drive to protect organizations from cyberattacks and can work fully remote, Monday - Friday from 5pm - 1pm CT. The Security Analyst II is a critical mid-level role within Foresite’s Security Operations Center. You will work inside our 24/7 Cyber Fusion Center, handling escalated security alerts, leading complex investigations for our managed customers across Google Security Operations (Chronicle) and our SOAR platform, and serving as a subject matter expert for the broader team. You will leverage your advanced knowledge of our detection stack and customer environments to resolve intricate threats and will act as a mentor and escalation point for our Analyst I team.

Requirements

  • 2–4 years of prior experience in a SOC, incident response, or dedicated cybersecurity role.
  • Deep understanding of the cyber kill chain and MITRE ATT&CK framework, common attack vectors (phishing, credential abuse, malware delivery, lateral movement), and hands-on experience with detection, prevention, and response tactics.
  • Hands-on experience navigating SIEM platforms. You understand how alerts are generated, how to build advanced search queries, and how to pivot seamlessly from an alert to supporting log evidence to build a timeline of events.
  • Clear, concise, accurate written communication skills.
  • Attention to detail, reading full log lines and teaching others to do the same.
  • Ability to work Monday - Friday, 5pm - 1am CT.
  • CompTIA Sec+, CompTIA CySA+, BTL1, or equivalent certification is required within 90 days of hire if not already held.

Nice To Haves

  • Hands-on experience with Google Security Operations (Chronicle), Splunk, Elastic, or Microsoft Sentinel
  • BS of IT Security or Cyber Security
  • Familiarity with endpoint detection and response tools (CrowdStrike, SentinelOne, Defender for Endpoint, Carbon Black)
  • Intermediate scripting or query experience (Python, PowerShell, SQL, or YARA-L/SIEM query languages) to assist with automation or custom searches.
  • Prior MSSP or multi-tenant environment experience
  • Additional advanced certifications: GCIA, GCIH, Google Cloud Security Engineer, or similar.

Responsibilities

  • Serve as the primary point of escalation for our Tier 1 Analysts. You will handle complex event triage escalations, guide junior analysts through difficult dispositions, and provide decisive action on high-severity alerts.
  • Act as a knowledge resource for the Analyst 1 team. Answer questions regarding investigations, customer environments, and tool navigation to help upskill the shift.
  • Review complex alert context, gather evidence from Chronicle UDM and supporting tools, reach a final disposition, and either close the ticket with a documented rationale or escalate to Tier 3/Incident Response with a clear handoff.
  • Follow established playbooks for the detection stack, but actively identify gaps, propose workflow improvements, and help draft new guidance alongside your Team Lead to improve overall SOC efficiency.
  • Ensure every ticket is understandable by the next analyst, the customer, or an auditor reading it six months from now. Your written analysis is the primary artifact of your work and should set the standard for Tier 1 analysts.
  • Lead communications through the ticketing system on routine and complex investigations, requests for information, and exclusion/suppression requests.
  • Consistently meet performance scorecards for time-to-resolve, triage accuracy, and ticket closure quality, setting a benchmark for the shift.
  • Actively hunt for noisy rules, false-positive patterns, and alert clusters. Submit highly detailed tuning requests and recommendations to the detection engineering team.
  • Brief the incoming shift on open investigations, anomalies observed, and escalated items waiting on customer response.

Benefits

  • Comprehensive Health & Wellness: Robust medical insurance options to keep you and your family healthy.
  • Employer-Covered Insurance: We fully provide employer-paid Dental coverage, as well as Short-Term (STD) and Long-Term Disability (LTD).
  • Recharge & Refuel: You’ll start with 3 weeks of paid vacation, plus additional sick leave and paid company holidays to ensure you have time to recharge.
  • Growth & Mentorship: Access to world-class training and mentorship. We support your career trajectory, whether you’re looking to deepen your technical skills or move into leadership.
  • Impactful Work: Help protect global clients using the latest AI-enhanced security tools and GCP native technologies.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service