Sr Cyber Defense Ops Specialist

Citizens Financial Group•Johnston, RI

About The Position

We are seeking a skilled and proactive Level 2 Cybersecurity Analyst to join our Cyber Defense Operations team. This role is responsible for investigating and responding to security incidents, performing advanced threat analysis, and supporting the continuous improvement of detection and response capabilities. You’ll work closely with junior analysts, threat intelligence, and incident response teams to ensure timely detection and mitigation of security threats across Citizens Bank’s enterprise environment. Key Responsibilities Investigate escalated security alerts and incidents from Level 1 analysts. Perform root cause analysis and impact assessments of security events. Conduct threat hunting and anomaly detection across enterprise systems. Collaborate with incident response teams to contain and remediate threats. Correlate threat intelligence with internal telemetry to identify emerging threats and attack patterns. Assist in the creation of use cases and offer recommendations for tuning detection rules in SIEM and other monitoring tools. Recommend improvements to incident response playbooks and runbooks. Provide mentorship and guidance to Level 1 analysts. Participate in post-incident reviews and contribute to lessons learned. Represent Cyber Defense in cross-functional security and risk initiatives.

Requirements

Deep understanding of network and endpoint security concepts.
Knowledge of threat actor tactics, techniques, and procedures (TTPs).
Familiarity with the MITRE ATT&CK framework and threat intelligence platforms.
Knowledge of regulatory and compliance frameworks (e.g., NIST, ISO, PCI-DSS).
Proficient in log analysis, packet capture review, and malware analysis.
Strong analytical and problem-solving skills.
Experience with scripting or automation (Python, PowerShell, Bash).
Effective oral and written communication skills for both technical and non-technical audiences.
Ability to work independently and collaboratively in a high-pressure environment.
Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent experience.
2–5 years of experience in cybersecurity operations or incident response.
Security certifications such as CySA+, GCIH, GCIA, CEH, or equivalent preferred.
Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR tools (e.g., CrowdStrike, Microsoft Defender).
Willingness to participate in a rotating on-call schedule or extended hours during critical incidents.

Nice To Haves

Hands-on experience with:
SIEM Tools: Splunk, ArcSight, Sentinel, QRadar
EDR/XDR: CrowdStrike, Microsoft Defender, SentinelOne
Network Security: Palo Alto, Cisco, Check Point, FirePower
Data Protection: Symantec DLP, Triton, Guardium
Threat Intelligence & SOAR Platforms
Cloud Security Monitoring: AWS, Azure, or GCP environments

Responsibilities

Investigate escalated security alerts and incidents from Level 1 analysts.
Perform root cause analysis and impact assessments of security events.
Conduct threat hunting and anomaly detection across enterprise systems.
Collaborate with incident response teams to contain and remediate threats.
Correlate threat intelligence with internal telemetry to identify emerging threats and attack patterns.
Assist in the creation of use cases and offer recommendations for tuning detection rules in SIEM and other monitoring tools.
Recommend improvements to incident response playbooks and runbooks.
Provide mentorship and guidance to Level 1 analysts.
Participate in post-incident reviews and contribute to lessons learned.
Represent Cyber Defense in cross-functional security and risk initiatives.