Security Analyst

RESPONSIBILITIES:

• Triage and investigate security alerts originating from internal security tooling as well as those escalated by external security monitoring partners.
• Monitor and manage the internal security operations ticket queue, ensuring alerts and investigations are prioritized, tracked, and resolved in a timely manner.
• Assist with investigation of security events across endpoint, identity, cloud, and SaaS platforms.
• Support incident response activities including investigation, containment coordination, documentation, and post-incident analysis.
• Respond to external threat intelligence and digital risk alerts related to potential brand abuse, impersonation, or exposed credentials.
• Collaborate with security engineering teams and external security partners to improve detection coverage and reduce false positives.
• Help identify gaps in logging, telemetry, or investigation workflows across security platforms.
• Assist with threat hunting and security investigations using data from SIEM and other security tools.
• Support vulnerability management workflows by assisting with triage, prioritization, and tracking of remediation activities.
• Own and manage the security operations queue while serving as a central intake point for security questions, alerts, and reports across the organization, ensuring items are triaged, prioritized, and driven through investigation or resolution.
• Operate the organization’s phishing simulation program to reduce susceptibility to social engineering threats, including managing phishing campaigns and coordinating targeted remediation training for users with repeated failures.
• Identify opportunities to improve security operations through process improvements, automation, and responsible use of AI to streamline investigation, triage, and reporting workflows.
• Maintain documentation for incident response procedures, investigation workflows, and operational playbooks.
• Participate in the security team’s on-call rotation to support investigation and response activities when needed.

QUALIFICATIONS:

• 3+ years of experience in security operations, incident response, threat detection, or a related cybersecurity role.
• Experience investigating security alerts or suspicious activity across environments such as endpoint, identity, cloud, or SaaS systems.
• Experience triaging and managing security investigation workflows, including ticket queues or incident tracking systems.
• Familiarity with SIEM platforms, log analysis, and security monitoring tools.
• Understanding of common attacker techniques and frameworks such as MITRE ATT&CK.
• Experience working with security tools such as EDR platforms, identity systems, cloud logging platforms, or similar technologies.
• Familiarity with modern AI-enabled tools used in enterprise environments and an understanding of risks associated.
• Experience improving security operations through automation, scripting, or responsible use of AI to increase operational efficiency.
• Strong analytical and investigative skills with the ability to evaluate security events and determine potential impact.
• Ability to coordinate investigations across multiple teams and communicate findings clearly to technical and non-technical stakeholders.
• Strong written documentation skills for incident records, investigation notes, and operational procedures.
• Relevant security certifications such as Security+, CySA+, SSCP, GSEC, or GCIH are a plus.