The University of Texas MD Anderson Cancer Center is seeking a Cybersecurity Analyst to support its Cybersecurity department within the Security Operations Center (SOC). The role involves safeguarding enterprise systems and data against cyber threats, ensuring continuous monitoring, rapid detection, and response to security incidents.
Responsibilities:
- Monitor network traffic and security alerts across SIEM, EDR, and firewall platforms
- Review and analyze high volumes of alerts to distinguish benign activity from threats
- Triage alerts using predefined playbooks and standard operating procedures
- Perform real-time analysis of security telemetry to identify anomalies
- Execute first-response containment actions such as disabling compromised accounts
- Isolate infected endpoints to prevent lateral movement
- Create detailed incident tickets with supporting evidence and timelines
- Escalate confirmed or high-risk incidents to Tier 2 and Tier 3 analysts
- Participate in threat hunting across endpoint, network, identity, and cloud environments
- Apply threat intelligence and hypotheses to detect emerging threats
- Analyze patterns and identify gaps in detection coverage
- Support development of improved detection strategies
- Utilize approved AI tools, including generative and agentic capabilities, to enhance SOC processes
- Improve alert triage, investigations, and documentation using AI-enabled workflows
- Develop and deploy AI agents integrated with security tools via Model Context Protocol (MCP)
- Automate repetitive tasks to increase efficiency and response speed
- Contribute to SOC dashboards, metrics, and reporting on threat trends and activity
- Maintain and update runbooks, documentation, and SOPs for consistent operations
- Support continuous improvement initiatives in SOC processes
- Perform additional duties as assigned
Requirements:
- Bachelor's Degree Computer Information Systems, Business Information Systems, Computer Science or related field
- 2 years In one or more information security domains, to include managing security technologies and/or programs and developing information security standards and procedures
- Ability to work on an on-call rotation and/or shift coverage as required by 24x7 SOC operations
- Master's Degree Information Security, Computer Science or related field
- At least 2–3 years of hands-on experience working in a Security Operations Center performing alert triage, investigation, and incident response, hands-on (querying, building/tuning detections, dashboards) in an enterprise SIEM, direct experience leading or serving as a primary responder on security incidents through the full lifecycle, relevant industry certification (e.g., GCIA, GCIH, GCFA, CySA+, Security+, or equivalent)
- SANS or other applicable industry or systems certification