Cyber Security Operations Analyst II
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Cyber Security Operations Analyst II (SIEM/EDR): Serve as the primary escalation point for security alerts, incidents, and threat investigations, analyzing, containing, and remediating security events with an accent on SIEM/EDR tuning, incident response for medium-to-high severity events, and vulnerability lifecycle ownership. Focus on threat hunting, root-cause analysis with post-incident reporting, and continuous improvement of detection and defensive operations.
Location: United States (Remote)
Company
provides AI-powered decision intelligence solutions for national security, supply chain management, and digital identity.
What you will do
- Monitor and triage alerts from SIEM, EDR, email security, and other monitoring tools; investigate escalated alerts from MSSP or automated detections.
- Lead incident response for medium-to-high severity incidents, including containment, eradication coordination, and root cause analysis with post-incident reports.
- Tune and maintain SIEM/EDR and other security platforms; build custom detection rules, dashboards, and reports.
- Own vulnerability management end-to-end: scanning, analysis, prioritization by exploitability/impact, remediation tracking, and guidance to IT on patching/configuration changes.
- Act as a liaison between security operations and IT/business units; provide technical guidance to Tier 1 analysts and communicate findings in non-technical terms.
- Continuously improve processes and tooling, and maintain incident response runbooks and escalation procedures.
Requirements
- 8+ years of experience in security operations, incident response, or a related field.
- Hands-on experience with SIEM, EDR, and network security tools.
- Strong understanding of threat actors and attack techniques (MITRE ATT&CK) plus incident response best practices.
- Ability to analyze logs, packets, and system behavior to detect and investigate malicious activity.
- Excellent written and verbal communication skills.
Nice to have
- Experience in a small-team environment with cross-functional responsibilities.
- Familiarity with cloud security monitoring (AWS, Azure, or GCP).
- Industry certifications such as Security+, CySA+, GCIH, GCIA, or similar.
- Scripting skills (Python, PowerShell, or Bash) for automation.
Culture & Benefits
- Remote work with a focus on owning multiple areas of security operations within a small team.
- Opportunity to mature the security operations program through continuous improvements to detection and response.
- Cross-functional collaboration with IT and business stakeholders.
Hiring process
- Interviews to assess security operations, incident response, and hands-on tooling experience.
- Discussion of incident scenarios, detection tuning, and vulnerability management approach.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →