Security Analyst (hybrid)

About The Position

Requirements

• Experience with combined IT and security work within a cybersecurity discipline (4+ years)
• Experience with KQL, Python, PowerShell, or batch scripting (3+ years)
• Experience with cloud computing and cloud computing security (2+ years)
• Experience with security issues, techniques, and implications across computer platforms
• Experience with regulatory frameworks including NIST 800-53r5, CJIS Security Policy, and 60GG-2
• Experience with MITRE framework including TTPs
• CJIS certification (or ability to obtain)

Nice To Haves

• Cybersecurity certifications such as Security+, CySA+, Network+, SSCP, CISSP, CCSP, SecurityX/CASP+, or PenTest+
• Bachelor's degree or higher in Computer Science, Information Security, or a related field

Responsibilities

• Monitor security platforms including SIEM, EDR, and cloud-native security tools for indicators of compromise, indicators of attack, and incident response requirements
• Utilize Microsoft Defender XDR components (Endpoint, Cloud Apps, Identity, Office 365) for monitoring, analysis, and response
• Identify, triage, and investigate phishing incidents, including those submitted manually by end-users
• Perform Identity and Access Management activities with a focus on identifying and managing risky users, risky sign-ins, and sign-in event correlation
• Conduct in-depth investigations of security alerts, perform triage, and escalate or resolve incidents according to established procedures
• Maintain, tune, and optimize security detection rules, alerts, and automations to reduce false positives and improve detection accuracy
• Produce thorough documentation including after-action reports, lessons learned, and security reporting aligned with incident severity and organizational standards