Senior Cyber Threat Analyst

Brown Brothers Harriman, Jersey City, NJ
$110,000 - $155,000

About The Position

As a Senior Cyber Threat Analyst within our Cyber Threat Monitoring Team, you will play a critical role in strengthening the organization’s ability to detect, investigate, and respond to advanced cyber threats. This role emphasizes technical threat hunting, incident response, and advanced SOC investigation support, while leveraging Cyber Threat Intelligence (CTI) to guide detection, response, and proactive defense strategies. You will serve as a senior escalation resource for complex investigations, proactively hunt for adversary activity across enterprise security telemetry, and work closely with SOC analysts, detection engineers, and security leadership to improve the organization’s detection and response capabilities. Collaborating with cross-functional teams and interfacing with organizational leaders, you will contribute to innovative detection and response capabilities that protect our networks, systems, data, employees, and clients. The ideal candidate will have strong hands-on SOC or incident response experience, an analytical mindset, a passion for continuous learning, and the ability to translate threat intelligence into actionable detection and response improvements.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field
  • 5+ years of experience in Security Operations, Incident Response, Threat Hunting, Detection Engineering, and/or related cybersecurity roles
  • Significant relevant experience (e.g., military cyber operations) may be considered in lieu of a degree
  • Strong SOC experience investigating security alerts, performing incident response, and log analysis
  • Hands-on experience working with SIEM, EDR, and other enterprise security monitoring tools
  • Familiarity with the MITRE ATT&CK Framework and attacker TTP analysis
  • Excellent collaboration and communication skills, particularly in high-stress situations
  • Ability to produce clear technical and operational reporting for both technical teams and leadership
  • Strong analytical skills and priority management

Nice To Haves

  • Master’s degree in Cybersecurity, Computer Science, Information Technology, or related field
  • Hands-on experience in two or more of the following areas: Security Operations, Incident Response, Cyber Threat Intelligence, Threat Hunting, Detection Engineering, Security Engineering, Insider Threat Analysis, Digital Forensics, All-Source Intelligence, Penetration Testing, Red Teaming, Network Security Management, Cyber Risk Management, Cloud Security, Vulnerability Management, Malware Analysis
  • Experience in the financial services sector and familiarity with security best practices, regulatory requirements, and industry frameworks (e.g., NYDFS, FFIEC, NIST CSF, ISO 27001, SWIFT CSF)
  • Experience developing detection logic and threat hunting queries using Splunk SPL, Microsoft KQL, or similar query languages
  • Experience with endpoint, identity, and network monitoring technologies such as EDR, IDS/IPS, Firewalls, WAF, DLP, UEBA, email security gateways, and sandboxing technologies
  • Experience with Microsoft Sentinel and Defender (MDE, MDI, Defender for Cloud Apps) as well as other Microsoft security ecosystem tools
  • Relevant certifications such as CISSP, GCIH, GCFA, GCIA, GSEC, GCTI, CTIA, Security+, Microsoft Security Operations Analyst Associate

Responsibilities

  • Lead and support advanced SOC investigations, incident response activities, and Tier-3 escalations, providing deep technical analysis of security alerts, anomalous behavior, and suspected malicious activity
  • Perform proactive threat hunting activities across enterprise security telemetry including SIEM, EDR, identity, network, and cloud logs to identify previously undetected or emerging threats
  • Analyze attacker behaviors and intrusion patterns to develop threat hunting hypotheses and detection strategies aligned with the MITRE ATT&CK framework
  • Investigate complex security alerts and incidents, performing log analysis, endpoint analysis, and timeline reconstruction to determine root cause, scope, and impact
  • Leverage internal telemetry, alerts, and IOC trends to identify threat patterns targeting the organization and opportunities for improved detection coverage
  • Enhance threat detection and response capabilities by supporting the development and improvement of SOC detection logic, response procedures, escalation playbooks, and analyst decision trees
  • Conduct proactive analysis of alert trends to identify gaps in detection coverage and recommend new or improved monitoring capabilities
  • Utilize Cyber Threat Intelligence (CTI) sources to contextualize incidents, inform threat hunting efforts, and prioritize investigations
  • Monitor open-source, closed-source, and vendor-provided threat intelligence to stay abreast of emerging threats, vulnerabilities, and adversary tactics relevant to the organization
  • Develop and maintain profiles of relevant threat actors, including tactics, techniques, and procedures (TTPs), and incorporate those insights into threat hunting and detection strategies
  • Assist in SOC and Incident Response escalations, providing technical expertise and investigative support during security incidents
  • Conduct threat, risk, and vulnerability assessments to provide actionable remediation and security control improvement guidance
  • Collaborate with the Red Team and Cyber Incident Management to support red team exercises, incident response training, tabletop exercises, and detection validation
  • Perform targeted access reviews and anomaly analysis across enterprise systems (Windows, Linux, databases, network infrastructure, cloud platforms) to identify suspicious activity
  • Collaborate with DLP and other security teams on insider risk investigations and monitoring initiatives
  • Contribute to the development and improvement of SOC procedures, threat hunting methodologies, and intelligence-driven detection processes
  • Collaborate with relevant stakeholders on security awareness messaging and threat awareness related communications

Benefits

  • BBH and its affiliates' compensation program includes base salary, discretionary bonuses, and profit-sharing.
  • BBH's total rewards package recognizes your contributions with more than just a paycheck—providing you with benefits that enhance your experience at BBH from long-term savings, healthcare, and income protection to professional development opportunities and time off, our programs support your overall well-being.