Senior Analyst – Cyber Threat Operations Center

The Senior (Tier 2) CTOC Analyst is a key player in monitoring, analyzing, and responding to security events across the organization. This role involves handling complex incidents, conducting threat hunts, and supporting all phases of the incident response lifecycle. The Senior Analyst will also mentor junior analysts, providing day-to-day guidance on analysis techniques, tool utilization, and best practices for incident response to build a stronger, more resilient CTOC team. Additionally, this role includes managing moderately large projects, with minimal supervision, and employing creative problem-solving to address a wide variety of security challenges. Reporting to the CTOC Manager, you will collaborate with cross-functional teams and external partners, ensuring alignment with industry standards such as NIST, MITRE ATT&CK, and CIS Controls.

What you’ll do at Avant:

• 24/7 Security Event Monitoring: Actively monitor and respond to security alerts and incidents, conducting both initial triage and advanced analysis to assess escalation needs. Participate in a 24/7 response rotation.

• Incident Response and Threat Hunting: Execute containment, eradication, and recovery actions for incidents, and conduct proactive threat hunting based on threat intelligence and dark web insights to identify potential threats across the environment.

• Mentorship of Junior Analysts: Provide day-to-day mentorship to junior analysts, enhancing their technical skills, analysis techniques, and understanding of threat landscapes. Conduct training sessions, review their work, and provide actionable feedback to boost team effectiveness.

• Advanced Analysis and Documentation: Perform in-depth root cause analysis on security incidents, document findings comprehensively, and offer actionable insights to support cross-functional teams in decision-making.

• Tool Optimization and Automation: Leverage and optimize SIEM, EDR, and security orchestration tools to improve detection and response efficiency. Identify and implement automation opportunities to streamline routine tasks, enhancing overall CTOC productivity. 

• Threat Intelligence Integration: Analyze and integrate threat actor tactics, techniques, and procedures (TTPs) into CTOC processes, focusing on high-priority threats such as ransomware, insider threats, and advanced persistent threats (APTs). Engage with MISP, ISACs, and threat intelligence sources to stay informed on evolving threats.

• Collaboration and Information Sharing: Participate in information-sharing initiatives with peers, ISACs, and other partners to enhance situational awareness, improve response strategies, and strengthen collaboration.

• Playbook Development and SOP Enhancement: Assist in creating and refining incident response playbooks and SOPs, ensuring alignment with NIST CSF, CIS Controls, and other frameworks to bolster CTOC resilience and effectiveness.

• Project Leadership and Autonomy: Manage moderately large projects independently, from planning to execution, ensuring timely delivery of outcomes. Operate effectively with minimal supervision, demonstrating initiative and accountability.

• Post-Incident Review and Continuous Improvement: Lead post-incident reviews to identify lessons learned, suggest process improvements, and drive changes that capabilities. response future enhance

   

Why you're a fit at Avant:

• Experience: 3-5 years in information security, preferably within a 24/7 CTOC or similar environment, monitoring cloud-native infrastructure.

• Bachelor's degree in Information Security, Computer Science, or a related field, or comparable experience.

• Technical Skills: Proficiency with operational security controls such as SIEM platforms, EDR, IDS/IPS, DLP, and data analysis. Experience with threat intelligence platforms and security orchestration tools preferred.

• Knowledge Base: Comprehensive understanding of cybersecurity principles, network protocols, and regulatory compliance (e.g., PCI, FTC Safeguards). Familiarity with frameworks such as MITRE ATT&CK, CIS Controls, and NIST CSF.

• Mentorship and Leadership Skills: Proven experience mentoring junior analysts, focusing on technical skill development and enhancing analytical thinking.

• Certifications: GCED, GCIH, GCIA, CISSP, or equivalent certification(s) is preferred.

  
  

Preferred Qualifications:

• Ability to communicate complex security concepts clearly to stakeholders at all levels.

• Strong organizational skills, adaptability, and the ability to make sound decisions under pressure.

• Demonstrated integrity, commitment to continuous improvement, and the ability to handle a wide variety of issues creatively and independently.

• This role offers the opportunity to apply advanced cybersecurity expertise, mentor junior talent, lead projects independently, and contribute to the strength and adaptability of the CTOC in a rapidly changing threat environment