
Security Analyst
Posted 21 hours ago
This is a fully remote position, open to applicants in the United States.
• Oversee and assess security events using Splunk Enterprise Security (ES).
• Develop, maintain, and fine-tune Splunk searches, correlation rules, alerts, and dashboards.
• Carry out incident response activities from detection to containment, eradication, recovery, and closure.
• Examine endpoint security incidents with Microsoft Defender for Endpoint.
• Manage endpoint policies and conduct incident investigations.
• Evaluate AWS cloud security telemetry using GuardDuty, Security Hub, and other associated cloud security tools.
• Detect threats, vulnerabilities, suspicious actions, and cloud misconfigurations.
• Execute alert triage, incident scoping, and escalation activities as per established playbooks.
• Suggest enhancements and updates to operational procedures and incident response playbooks.
• Assist in threat hunting efforts and detection engineering initiatives that align with MITRE ATT&CK methodologies.
• Conduct phishing investigations, enhance alerts, and perform forensic reviews.
• Carry out root cause analysis and document corrective actions following security incidents.
• Track incidents and operational tasks using case management systems.
• Participate in tabletop exercises and operational readiness initiatives.
• Collaborate with Security Operations teams, Incident Response personnel, and federal stakeholders.
• Prepare reports and communicate findings to both technical and non-technical audiences.
• Perform additional job-related duties as assigned.
• Three (3) to five (5) years of experience in cybersecurity operations, SOC analysis, incident response, or related security fields.
• Proven hands-on experience with Splunk Enterprise Security, including development of searches, creation of dashboards, and tuning of correlation rules.
• Experience with Microsoft Defender for Endpoint for security investigations and policy management.
• Working knowledge of AWS cloud security technologies such as GuardDuty, Security Hub, or similar tools.
• Demonstrated experience managing incidents across the entire incident response lifecycle.
• Familiarity with the MITRE ATT&CK framework and common tactics, techniques, and procedures used by threat actors.
• Knowledge of incident response methodologies and frameworks like NIST 800-61.
• Strong analytical, investigative, and problem-solving skills.
• Excellent written and verbal communication abilities.
• Experience supporting federal government clients or working in highly regulated environments.
• Capacity to work independently while effectively collaborating with cross-functional teams.
• Medical
• Dental
• Vision
• 401(k)
• Paid Time Off
• Life Insurance
• Disability Coverage
• Other benefits as provided.