Investigate, triage, analyze, contain, eradicate, and support recovery activities for cybersecurity incidents across enterprise and cloud environments.
Perform detailed analysis of security events generated by SIEM, EDR/XDR, IDS/IPS, cloud-native security tools, and endpoint technologies.
Collaborate with Security Operations and Splunk Detection Engineering teams to improve detection content, tune alerts, reduce false positives, and enhance detection effectiveness.
Conduct proactive threat hunting using threat intelligence, behavioral analytics, and MITRE ATT&CK techniques.
Perform root cause analysis and recommend corrective and preventive actions.
Document investigation findings, incident timelines, lessons learned, and technical reports.
Assist in developing and maintaining Incident Response playbooks, SOPs, and workflows.
Support digital evidence collection and basic forensic activities while maintaining chain of custody.
Participate in security assessments, architecture reviews, tabletop exercises, phishing simulations, and readiness activities.
Support security reviews of IT systems, applications, and cloud services.
Assist with cybersecurity policies, standards, and operational procedures.
Collaborate with Cloud Security, Vulnerability Management, Infrastructure, and Application teams.
Monitor incident metrics and contribute to operational reporting.
Stay current on emerging threats and industry best practices.
Performs other job-related duties as assigned.
Requirements
5+ years of cybersecurity experience with at least 3 years in Incident Response, Security Operations, Threat Hunting, or Detection Engineering.
Hands-on experience investigating Windows, Linux, cloud, identity, and network incidents.
Experience with SIEM platforms such as Splunk ES, Microsoft Sentinel, QRadar, or similar.
Experience with EDR/XDR platforms such as Microsoft Defender, CrowdStrike, SentinelOne, or similar.
Knowledge of AWS GuardDuty, Security Hub, Azure Defender, or equivalent cloud security tools.
Strong understanding of MITRE ATT&CK and the incident response lifecycle.
Experience with log analysis, malware triage, threat hunting, and root cause analysis.
Strong written and verbal communication skills.
Ability to thrive in a fast-paced operational environment.
Experience with Splunk Enterprise Security correlation searches and detection tuning preferred.
Familiarity with Splunk SOAR or similar orchestration platforms preferred.
Experience supporting phishing investigations and tabletop exercises preferred.
Knowledge of FISMA, FedRAMP, NIST RMF, NIST 800-61, and NIST CSF preferred.
Python or PowerShell scripting experience preferred.
GCIH, GCIA, GCFA, CISSP, Security+, CySA+, or CEH certifications preferred.
Must be eligible to obtain and maintain a Public Trust.
Past applicable job experience may include, but is not limited to: Incident Response Analyst, Cybersecurity Analyst, Security Operations Center (SOC) Analyst, Threat Hunter, Detection Engineer, and Cyber Incident Responder.
Must pass pre-employment qualifications of Cherokee Federal.
Tech Stack
AWS
Azure
Cloud
Cyber Security
Linux
Python
Splunk
Benefits
Medical
Dental
Vision
401K
Other possible benefits as provided. Benefits are subject to change with or without notice.