Finance of AmericaRemote
Cyber Security Analyst
United States of America
Full Time
4 hours ago
$80,000 - $130,000 USD
Visa Sponsor
Key skills
PythonPowerShellAzureEntra IDKibanaJiraCommunicationNetwork SecurityCloud Security
About this role
Finance of America helps homeowners 55+ access the equity they’ve built while staying in full control of their home and their financial future. The Cyber Security Analyst will be responsible for conducting investigations into security events, leading incident response activities, and refining detection logic to improve security operations.
Responsibilities:
- Utilizes Crowdstrike, Azure/M365, Elastic/Kibana, and other enterprise tooling to correlate events across multiple data sources to identify patterns and emerging threats
- Leads investigations for escalated alerts involving endpoints, cloud identity, authentication, and network telemetry
- Performs containment actions such as host isolation, token revocations, and malicious rule quarantines following established Incident Response procedures and playbooks
- Reviews and tunes detections, lenses, dashboards, and alerts thresholds to reduce false positives and improve actionable intelligence
- Participates in threat hunting missions and proposes hypotheses based on telemetry gaps or unusual environmental behavior
- Contributes to playbook updates, new runbook/playbook creations, and continuous improvement of SOC operations
- Documents incident timelines, root causes, and recommended mitigations for larger organizational teams
- Maintains awareness of current threats, attack techniques, and organizational security policies
- Provides timely communication to senior analysts regarding suspicious activity, potential incidents, and operational risks
- Follows SOC procedures for incident response, containment actions, and enhanced monitoring tasks
- Participates in shift turnover briefings, contributes to daily operational reporting, and ensures accurate case hand-off
- Protects sensitive information and maintains strict confidentiality in all SOC work
- Performs other duties as assigned
Requirements:
- Minimum 3 years experience in cyber security analysis or a related role
- Foundational understanding of networking, operating systems, and security principles
- Strong knowledge of security event triage, threat indicators, and common attack techniques (MITRE ATT&CK familiarity preferred)
- Experience and working knowledge in: Azure/M365 Security (Entra ID sign-ins, Defender alerts, Audit Logs, Conditional Access), CrowdStrike Falcon (detections, host overview, process trees, investigations), Elastic / Kibana (search queries, dashboards, lenses, detection alerts), JIRA (ticket management, documentation, workflow transitions), and Endpoint/Network Security Fundamentals
- Experience performing incident containment and coordinating with IT or cloud engineering teams
- Ability to read and interpret logs from endpoints, cloud systems, email security tools, and authentication platforms
- Basic understanding of Windows and Linux system behaviors, processes, and common administrative commands
- Familiarity with phishing indicators, malware behaviors, user account anomalies, and suspicious network activity
- Ability to research new technologies, techniques, tactics, and incorporate that information into analytical processes
- Strong analytical thinking and problem-solving skills, including ability to follow playbooks accurately
- Ability to work in a fast-paced 24/7 SOC environment with shifting priorities and time-sensitive responses
- Clear written communication for documenting investigations and summarizing findings
- High attention to detail and disciplined adherence to procedures and evidence-handling standards
- Willingness to learn new tools, techniques, and detection methods, including shadowing senior analysts and participating in training
- Ability to work collaboratively with IT, security engineering, incident response, and management teams
- Ability to multitask, work on multiple events, and communicate with other team members virtually
- Ability to take initiative, work autonomously, and complete tickets as prioritized
- Bachelor's Degree or comparable qualifications
- Cybersecurity, Information Technology, Computer Science, or related field
- Equivalent technical certification or hands-on experience (e.g., Security+, CySA+, CCNA CyberOps, or similar)
- Scripting for automation or enrichment (Python, Powershell)
- Intermediate cloud security experience
- Certifications (CySA+)