Threat Analyst

About The Position

Requirements

• Bachelor’s degree/diploma in Computer Science, Information Security, or related field.
• Minimum 2 years of experience in Cyber Intelligence or as a Threat Hunter, ideally within a CIRT/SOC; hands-on experience with SIEM content and automation development.
• Direct prior experience with core security technologies such as SIEM, vulnerability scanners, anti-virus solutions, and EDRs.
• Strong knowledge of threat intelligence and threat hunting, including MITRE ATT&CK, kill chain, hypothesis-driven methods, and IOC lifecycle management.
• Demonstrated experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic): data onboarding, parsing, correlation rules, dashboards, and tuning.
• Experience with SOAR platforms (e.g., Splunk SOAR, Microsoft Sentinel automation, Swimlane) and building playbooks for enrichment and response.
• Strong analytical and investigative skills; knowledge of technical security controls and mitigations.
• Experience with advanced endpoint analytics and EDR tooling (e.g., CrowdStrike, Defender for Endpoint, Sophos).
• Good working knowledge of common security threats, industry best practices, and security technologies.
• 24x7 on-call availability for high severity incidents.
• Knowledge of digital forensics, malware analysis, penetration testing and ethical hacking.
• Proficiency in scripting languages (Python, PowerShell, shell) is a plus.
• Industry certifications are a strong asset (e.g., GIAC, Microsoft SC-200, Splunk Enterprise Security, AWS/Azure security certs).

Nice To Haves

• Proficiency in scripting languages (Python, PowerShell, shell) is a plus.
• Industry certifications are a strong asset (e.g., GIAC, Microsoft SC-200, Splunk Enterprise Security, AWS/Azure security certs).

Responsibilities

• Analyze activity trends using a mix of tools and analytical methodologies to hunt for threats not otherwise detected by configured security alerts.
• Conduct threat scenario analysis to develop new use cases with relevant attack vectors; develop attack scenarios to formulate hunting strategies to identify threats undetected by existing controls.
• Perform in-depth investigation of events of interest identified during hunts or from security alerts as defined investigation and response procedures.
• Monitor, triage, and operationalize threat intelligence from commercial, open-source, ISAC/ISAO, and government sources.
• Correlate threat intelligence with internal telemetry to identify potential compromise and guide hunts and incident response.
• Create and deliver regular threat hunting and threat intelligence reports including hypotheses, datasets, findings, false positives, and detection/response improvements.
• Contribute to the tuning and development of SIEM use cases and other security control configurations to enhance threat detection capabilities.
• Define and track Security Operations metrics.
• Design, develop, and maintain automation and SOAR playbooks to streamline alert triage, enrichment, containment, and notification workflows.
• Automate routine operational tasks (e.g., IOC curation, asset/context lookups, quarantine, user suspension) to reduce MTTD/MTTR.
• Facilitate vulnerability management by correlating vuln data with exploits-in-the-wild; prioritize remediation based on risk and exposure.
• Participate in IR exercises to validate processes and IR capabilities.
• Other duties as assigned to fully meet the requirements of the position.

Benefits

• medical
• dental
• vision
• 401k
• profit sharing
• short-term/long-term disability
• life insurance
• tuition reimbursement
• paid time off
• paid holidays
• discretionary bonuses