Cybersecurity Analyst

About The Position

Requirements

• 2-3+ years of experience in a security operations role
• Proven experience triaging and responding to a significant volume of security events and cyber incidents, ideally in a high-alert environment, utilizing processes aligned with industry standards such as NIST, SANS PICERL, or similar frameworks.
• Hands-on experience managing, prioritizing, and remediating vulnerabilities specifically within large-scale Linux environments.
• Expertise utilizing SIEM platforms to conduct advanced searches, build custom detections, and tune alerting logic.
• Demonstrated experience developing and maintaining automated remediation workflows using SOAR platforms.
• Demonstrated understanding of threat intelligence and threat hunting concepts, methodologies, and best practices.
• Strong foundational information technology knowledge: Windows, Active Directory/Entra, Linux, networks, cloud and mobile systems.
• Experience conducting tabletop exercises and adversary emulation.

Nice To Haves

• Financial services experience
• Hands-on experience with Crowdstrike Next-Gen SIEM, Logscale/CQL, Falcon Fusion SOAR, Falcon Foundry.
• Experience performing threat hunts in Linux and Windows environments, including cloud, on-premises, and containerized platforms such as Kubernetes.
• Hands-on experience utilizing common penetration techniques and tools.
• One or more scripting languages (e.g., Python & PowerShell).
• Prior web application assessment experience.
• Certifications, including but not limited to: GCIH, GCIA, GCFA, GPEN, OSCP

Responsibilities

• Incident Response – Prepare for and assist in incident response, including on-call rotation.
• Threat Monitoring – Continuous review of security alerts in partnership with vendors.
• Threat Hunting – Identify previously undetected attacks. Feed detection pipeline and improve security posture.
• Threat Intelligence – Analyze and incorporate actionable intel within detection, monitoring and hunting disciplines. Track and model adversaries to focus program activities.
• Vulnerability Management – Monitor internal/external attack surface, validate vulnerabilities, and prioritize remediation.
• Security Posture – Assess risk of changes to IT and security systems. Maintain coverage of controls and implement preventative/detective measures. Conduct risk assessments.
• Penetration Testing – Coordinate vendor testing. Drive finding remediation providing expert guidance and verification.
• Threat Detection – Introduce new and enhance existing rules. Increase fidelity and create response runbooks.
• Automation – Implement methods (SOAR and scripting) to speed delivery and maintain consistency.