Key skills
CloudCyber SecurityFirewallsCritical ThinkingFirewall
About this role
Role Overview
- Lead investigation and response activities for confirmed and escalated cyber security incidents in accordance with established playbooks and service level targets
- Perform analysis of suspicious activity across endpoint, network, identity, email, cloud, application, and system log sources
- Analyze, investigate, and correlate data from SIEM/SOAR, EDR, firewall, proxy, intrusion detection/prevention, email security, and other monitoring platforms to drive accurate incident response
- Document investigations, findings, actions taken, and escalation details in the case management system with clear, complete, and timely notes
- Create full summary reports of events of interest to drive after action and lessons learned activities
- Follow shift handoff procedures and communicate open issues, emerging threats, and significant events to team members and incident handlers
- Contribute to continuous improvement by identifying recurring false positives, process gaps, and opportunities to improve alert quality, runbooks, and analyst efficiency
- Drive containment, eradication, and recovery actions in coordination with infrastructure and technology teams
- Collaborate with Tier 1 analysts to improve detection and response capabilities and provide guidance on escalation quality
- Partner with security engineering teams to ensure effective operation and tuning of security tools and detection capabilities
Requirements
- 3-6 years of experience in cyber security operations, incident response, security monitoring, IT operations, networking, or a related enterprise technology environment
- Proven experience handling and responding to cyber security incidents in a SOC or CSIRT environment
- Direct experience with security technologies such as SIEM, EDR, IDS/IPS, email security, firewalls, proxy tools, or case management platforms is preferred
- Strong knowledge of incident response processes, investigative techniques, threat indicators, and attack methodologies
- Hands-on experience with log analysis and forensic investigation techniques
- Ability to prioritize work, manage multiple active incidents, and make sound decisions in a fast-paced, high-impact operational environment
- Strong critical thinking skills, and investigative mindset to analyze complex activity, connect related indicators, and identify root cause and scope of incidents
- Bachelor’s degree in cyber security, information technology, computer science, or a related field preferred; equivalent practical experience.
Tech Stack
- Cloud
- Cyber Security
- Firewalls
Benefits
- Annual incentive opportunity (cash bonus and equity awards)
- Health insurance
- Professional development opportunities