Sr. Cybersecurity Operations Analyst

About The Position

Requirements

• 5+ years’ experience in Security Operations or related IT operational roles.
• Hands‑on experience with relevant Technology Environment and Security Tooling including: Security monitoring and incident response (Microsoft Defender and Sentinel), Vulnerability management tools and processes (Tenable, Burpsuite, CSPM, Managed Engine), Endpoint, network, and identity security controls (Defender, Cisco, Citrix, Palo Alto), Microsoft Windows Administration (AD/Azure AD, Entra ID, Exchange, Sharepoint, etc.), Cloud security operations (AWS, GCP, Azure, O365), Windows and Linux operating systems
• Demonstratable experience with analyzing security events, effectively identifying suspicious activity, and handling incidents, effectively responding to threats in a hybrid environment
• Working knowledge of common attack techniques targeting multi-national organizations and aviation and translating to TTP from MITRE ATT&CKS.
• Experience developing detection logic and threat hunting queries using Microsoft KQL, or similar query languages
• Deep understanding of applicable security requirements for DISA STIG, Cloud Security Requirements Guide, and CIS Benchmarks and ability to effectively advise in tailoring for specific business needs.
• Ability to work effectively in a government regulated organization including familiarity with NIST 800-53 Revision 5 and Capability Maturity Model
• Ability to work overtime during critical peaks, be available to meet last minute requests for overtime
• Ability to work both independently and as part of a team in a dynamic environment
• Ability to obtain Microsoft Security Operations Analyst Certification SC-200 within one year of hire
• Ability to acquire and maintain Top Secret or Secret clearance as required
• S. Degree in Computer Science or related field.

Nice To Haves

• CISSP or GIAC (GSEC, GCIA, GCFA, GCIH, GCWN) or similar certification strongly desired.

Responsibilities

• Design, implement, and leverage advanced detections using SIEM and SOAR technology
• Develop innovative custom detection rules and automated remediation, playbooks, and alerts tailored to the organization's threat landscape for enterprise and customer security.
• Leverage industry standard MITRE frameworks to identify detection coverage and address gaps.
• Evaluate, validate, tune, and sunset detection capabilities to optimize Alert to Incident ratio
• Maintains operational playbooks and workbooks to improve security detection and response
• Participate directly in the security incident response process and effectively contribute to the containment and eradication of threats and recovery of technology from cybersecurity incidents.
• Monitor multiple sources of incident reporting (mailboxes, hotlines, external sources) and optimize response times through automated routines
• Propose and define new SIEM content and monitoring use cases as needed upon emergence of new applications, threats, and policies.
• Monitor and resolve security alerts from the SIEM and other security systems, as well as those escalated by the MSV providing SOC services, for potential threats and compliance issues.
• Improve detection systems for performance, scalability, and cost effectiveness.
• Conduct threat modeling to proactively identify and address security risks before exploitation.
• Perform security evaluations on hybrid cloud environment and recommend prioritized actions
• Perform attack simulation testing to validate efficacy of use cases and purple teaming exercise
• Monitor industry security advisories and prioritize advancing threats and recommend mitigations
• Coordinate with System Operations on vulnerability patching cycles to reduce mean time to remediate significant vulnerabilities
• Guide the organization on security best practices and promote a security minded company culture

Benefits

• medical
• dental
• vision insurance
• employee assistance program
• generous paid time off
• 401K contributions