We are looking for a **Senior Cybersecurity Analyst (Tier-2 SOC)** to support cyber defense operations in a multi-tenant Managed Detection and Response (MDR) environment.
This position is focused on cybersecurity monitoring & analysis as part of a comprehensive Security Operations Center (SOC).
**What you will do**
- Monitor and analyze security alerts from a variety of network, endpoint and cloud-based sensors and sources (e.g. signature-based IDS/IPS, EDR, network infrastructure, identity and access control logs).
- Collaborate on investigations and mitigation of security threats.
- Regularly communicate with the team through meetings, workflow tracking, and incident management systems.
- Prepare Incident Reports, After-Action Reports, and SOC Analysis reports.
- Handle escalation of triaged incoming issues (validating the assessed event priority, determining incident risk and damage, or routing security or privacy data requests appropriately).
- Proactively identify vulnerabilities across the infrastructure environment and propose new or updated SIEM use cases to generate alerts.
- On-call availability for high-criticality incident response scenarios or emerging widespread threats requiring urgent action.
- Provide communication and escalation throughout the incident per the SOC guidelines.
- Ensure that all security events and incidents (internal / external) are logged, regularly updated, and closed within the set SLAs.
- Lead the development of actionable use cases to detect, triage, investigate and remediate threats based on the latest threat actor trends.
- Support teams with the technical implementation of security data parsing, creating, validating and testing alerting queries to reduce false positives.
**Qualifications**:
- Minimum of 5 years of operational experience preferred, in a security operations center, threat intelligence, insider threat operations, threat management, cyber security, information security or related functions.
- Bachelor's degree in Computer Science, Management Information Systems, Information Systems, or a related field, or equivalent experience, is required.
- Strong knowledge of security methodologies and frameworks.
**Preferred**:
- Experience in a highly available 24x7 enterprise operational environment.
- Familiarity with cloud architecture/infrastructure and general networking principles.
- Experience with virtualization and cloud technologies, especially Azure and AWS services.
- Strong demonstrated knowledge of web protocols, common attacks, and an in-depth knowledge of Linux/Unix and Active Directory tools and architecture.
- SOC / Pen-Tester / Purple Team / Threat Intelligence / Threat Hunting or similar background, or demonstrable experience through self-study.
- Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
- Strong analytical skills and attention to detail.
- Experience around security processes and technologies.
- Ability to research, analyze, and resolve complex problems with minimal supervision and escalate issues as appropriate.
- Thorough documentation skills.
- Outstanding written and verbal communication skills.
- Must be a highly motivated individual with the ability to self-start, prioritize, and multi-task.
**Desirable Certifications**:
- Certified Information Security Manager (CISM)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- Certified SOC Analyst (CSA)
- CompTIA Security+
- EC-Council Certified Security Analyst (ECSA)
- Certified SOC Manager (CSM)
- Splunk Core Certified User (Splunk Core CU) / Certified Power User (Splunk CPU)