Senior Cyber Defense Analyst

Abnormal
San Francisco, CA
Hybrid

About The Position

About the Role

We at Abnormal AI are looking for a hands-on Security Operations/ Cyber Defense Analyst who thrives in a fast-paced, engineering-driven environment. You’ll be responsible for monitoring, investigating, and responding to security alerts across cloud, endpoint, identity, and application layers. You’ll work closely with detection engineers, cloud security, and IT teams to protect our hybrid environment from threats in real time. This is not a "click-through-the-console" SOC role — we’re looking for someone who can think critically, automate relentlessly, and own incidents end-to-end.

Requirements

  • 5-7 years of hands-on SOC or Incident Response experience in a cloud-first or hybrid environment.
  • Strong understanding of attacker lifecycle, MITRE ATT&CK, and threat actor TTPs.
  • Experience with EDR (CrowdStrike preferred), SIEM (Splunk preferred), and SOAR (Torq, XSOAR, or Phantom).
  • Familiarity with AWS, Okta, and SaaS platforms.
  • Proficiency in writing queries and automations using Python, SPL, or equivalent.
  • Excellent analytical and investigative skills — capable of operating independently with minimal hand-holding.
  • Strong documentation and communication skills for technical and executive audiences.

Nice To Haves

  • Experience with CSPM/CDR/VM tools.
  • Knowledge of Containers and Kubernetes security.
  • Relevant certifications like CEH, Security+, GCIH, GCIA, or AWS Security Specialty.

Responsibilities

  • Detection & Triage: Monitor alerts from tools like SIEM, EDR, IAM, CSPM, CDR etc. Perform initial triage, enrichment, and correlation across multiple data sources. Identify false positives and fine-tune rules with detection engineering.
  • Incident Response: Lead containment, eradication, and recovery for endpoint, cloud, and identity incidents. Document and communicate incidents through SOAR/Jira/ServiceNow workflows. Perform root cause analysis and propose permanent preventive controls.
  • Threat Hunting & Analysis: Proactively hunt using hypotheses mapped to MITRE ATT&CK. Investigate anomalies across CloudTrail, Okta, GitHub, and other telemetry sources. Collaborate with threat intelligence to identify emerging TTPs.
  • Automation & Process Improvement: Build or enhance playbooks in SOAR (Torq or equivalent). Create custom enrichment scripts and automations (Python, Bash, etc.). Suggest new detection logic and operational improvements.
  • Reporting & Metrics: Track and report operational metrics (MTTD, MTTR, incident categories). Maintain documentation and lessons learned.
© 2024 Teal Labs, Inc