Serve as lead handler for escalated insider risk and cyber incidents; establish investigation strategy, ensure timely execution, and drive incident closure.
Conduct deep-dive analysis of security events using telemetry, endpoint/network evidence, and threat intelligence to determine scope, impact, and root cause.
Create, tune, and deploy new detection rules and analytics aligned to evolving threats and suspicious behaviors; reduce false positives and improve signal-to-noise.
Perform targeted hunts to discover emerging behaviors and translate findings into actionable detections, controls, and playbooks.
Partner with IT and security stakeholders to drive containment, remediation, and recovery actions across endpoints, identities, and cloud services.
Contribute to incident response process improvements, documentation standards, and after-action reviews; support development of tabletop exercise scenarios.
Produce clear, concise updates for leadership (status, impact, risk, and next steps) and deliver required incident reports and post-incident summaries.
Coach and mentor analysts in triage and investigation practices; serve as a subject matter expert across the incident response organization.
Build and maintain integrations between multiple enterprise security tools to improve automation, asset inventory accuracy, vulnerability identification, and response workflows.
Implement AI-assisted monitoring and analytics to improve correlation, enrichment, prioritization, and triage of alerts; reduce manual effort and improve time to decision.
Develop and maintain risk-scoring approaches for endpoints and users based on security posture, vulnerabilities, and behavioral signals.
Produce trend analyses and operational health reporting (e.g., coverage, agent health, patch/compliance drift, and incident patterns) and translate results into improvement actions.
Develop and maintain automation via APIs, scripting, and orchestration to support agent deployment/upgrade workflows, compliance checks and remediation, rapid scoping, containment support, targeted remediation, and continuous control validation.
Requirements
5+ years of hands-on cybersecurity experience in incident response, security operations, insider risk, threat detection, or a closely related function.
Demonstrated experience leading or handling escalated incidents, including triage, investigation, containment, remediation, and post-incident reporting in complex enterprise environments.
Proficiency with security telemetry and investigation workflows across endpoint and network data sources; experience using SIEM analytics (e.g., Splunk) and EDR tooling.
Working knowledge across multiple domains such as host analysis, network forensics, cloud environments, UEBA/anomaly detection, intrusion detection, threat research/intelligence, detection engineering, and data analysis.
Ability to develop or maintain automation using scripting (e.g., Python, PowerShell, Bash) and/or APIs to improve security operations.
Strong written and verbal communication skills, including the ability to produce executive-ready summaries and lead discussions with technical and non-technical stakeholders.
Demonstrated integrity and discretion in handling sensitive investigations and confidential data.
Tech Stack
Cloud
Cyber Security
Python
Splunk
Benefits
Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected