
Cyber Defense Analyst
Posted May 25
This is a fully remote position, open to applicants in Australia.
• Oversee and prioritize security alerts across SIEM, EDR, and CSPM platforms that encompass both corporate and product environments.
• Analyze alerts to assess scope, severity, and determine if escalation is necessary.
• Utilize AI-assisted triage and enrichment tools to enhance analysis speed and minimize mean time to detection.
• Categorize, document, and monitor alerts throughout their entire lifecycle using ticketing and case management systems.
• Engage in or lead incident response efforts from detection to remediation, which includes evidence collection, forensic examination, root cause analysis, and communication with stakeholders.
• Perform investigations across SIEM, EDR, CSPM, and cloud-native log sources, including identity provider logs, cloud audit trails, and network flow information—covering both corporate and product infrastructure.
• Implement established IR runbooks for identity, endpoint, cloud, and email investigation workflows.
• Manage or assist in the handling of evidence, forensic artifact collection, and maintaining chain-of-custody protocols.
• Create clear, decision-ready incident summaries and post-incident reports for technical and leadership audiences alike.
• Aid in the design, implementation, and tuning of detection rules on SIEM and EDR platforms, focusing on minimizing false positives and addressing coverage gaps.
• Convert threat intelligence (CVE advisories, CISA alerts, vendor bulletins, open-source feeds) into actionable detection content, especially regarding threats aimed at privileged access tools and supply chain attack vectors.
• Assist in maintaining and enhancing detection coverage aligned with MITRE ATT&CK.
• Employ AI-driven tools for alert triage, enrichment, and investigation as a standard practice in daily operations.
• Support the assessment, integration, and optimization of AI and automation capabilities throughout the team’s workflows.
• Help design prompts, agent workflows, or LLM-based pipelines that enhance analyst capabilities and reduce manual workload.
• Collaborate with engineering teams to enhance log ingestion, ensure data quality, and improve tool integrations.
• Keep daily operational notes and shift handoff documentation up-to-date.
• Minimum of 2 years of experience in a SOC, security operations, or incident response position.
• Knowledge of common attack frameworks (MITRE ATT&CK), network protocols, and endpoint behaviors.
• Experience with at least one SIEM platform and familiarity with crafting search or detection queries.
• Familiarity with EDR platforms and cloud environments (IaaS preferred).
• Comfort in utilizing AI systems (e.g., LLM-based assistants, copilots, or AI-driven analysis tools) as part of security workflows.
• Excellent written communication skills; capable of documenting findings clearly and succinctly for both technical and non-technical audiences.
• Diversity and inclusion are more than just words for us; they are the core values that guide how we build our teams, develop leaders, and foster a culture where individuals feel connected.
• We prioritize the well-being of our employees so that they can, in turn, provide exceptional service to our customers, who come from various backgrounds just like us. We hire remarkable individuals from diverse backgrounds because our differences make us stronger together.