Principal Cyber Threat Analyst

Role Overview

• Analyze alerts, investigate incidents, and lead response activities across enterprise systems
• Act as Incident Commander and escalation point for high-severity incidents and post-incident reviews
• Perform threat hunting, retro hunting, and deep-dive analysis to identify advanced attack techniques
• Continuously improve detection and response workflows, playbooks, and automation
• Serve as the SME for AI detection and response, including threats such as prompt injection, model abuse, and data leakage
• Partner with business units to understand AI usage and provide guidance on secure implementation and monitoring
• Identify and onboard new telemetry sources for AI platforms and agentic workflows
• Translate emerging AI threats and industry trends into actionable detections and controls
• Provide hands-on mentorship and guidance to analysts during investigations and response efforts
• Set the technical standard for alert review, triage, detection quality, and investigation depth
• Lead by example in incident handling, documentation, and decision-making under pressure
• Support hiring, onboarding, and ongoing development of team members
• Design and maintain detection logic, playbooks, and workflows aligned to threat coverage and business risk
• Ensure detection capabilities support key objectives such as visibility, automation, and data quality
• Identify gaps in tooling, telemetry, and processes; recommend and drive long-term improvements
• Align detection and response strategies with frameworks such as MITRE ATT&CK and emerging AI threat models
• Partner with product owners, engineering teams, and vendors to translate business priorities into security solutions
• Organize and drive cross-functional initiatives to enhance detection and response capabilities and improve overall security maturity
• Support root cause analysis and remediation efforts across technical and business domains
• Communicate risk, threats, and security recommendations effectively to technical and non-technical stakeholders
• Contribute to strategic initiatives and influence security decisions across the organization
• Contribute to detection, analysis, and response for threats targeting CI/CD pipelines and software supply chains
• Improve visibility, telemetry, and detection coverage across the software development lifecycle
• Identify attack patterns and strengthen controls related to build systems, dependencies, and deployment workflows
• Stay current on attacker TTPs, tools, and frameworks, including AI, cloud, and supply chain threats
• Share insights through documentation, training sessions, and team knowledge transfer
• Foster a culture of experimentation, continuous improvement, and technical excellence

Requirements

• Bachelor’s Degree in Computer Science or related field, or other relevant experience
• 6 to 8 years of experience with the analysis/investigation and containment of potential data breaches or cyber security incidents
• Scripting/Coding experience
• Python, Regex, Yara as examples
• Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
• Knowledge of malware families, botnets, threats by sector, and various attack campaigns and attacker methods, tools/techniques/practices
• Knowledge of cloud technologies including O365
• Common security controls is required including; authentication, encryption, IDS, WAFs, firewalls, HIPS, EDR, EPP, etc.
• Proficient in both Linux and Windows operating systems
• Understanding of application protocols
• Strong analytical, tactical and critical thinking ability.
• Ability to handle multiple competing priorities in a fast-paced environment.
• Ability to communicate effectively across multiple levels.
• Preferred CISSP, GIAC, or other relevant certification.

Tech Stack

• Cloud
• Cyber Security
• Firewalls
• Linux
• Python

Benefits

• Comprehensive benefits
• Differentiated compensation offerings
• Employee wellness programs