Sr System Cyber Analyst

Overview

Responsibilities

• Execute and oversee incident response across all phases of the cyber kill chain.
• Investigate incidents from detection to resolution by rapidly assessing threats, determining impact, coordinating responses, collaborating with relevant teams, and managing incident response through all stages of the cyber kill chain.
• Develop and maintain incident response playbooks and procedures to align with industry best practices and emerging threats, leveraging threat intelligence for enhanced detection and response.
• Design and implement cloud-focused incident response processes, expand SOC capabilities, integrate cloud-native tools, and collaborate with engineering teams to strengthen detection, investigation, and optimizing detection and response for AWS, Azure, and GCP environments.
• Investigate network and cloud activity by analyzing logs, packet captures, endpoint telemetry, and applying frameworks like MITRE ATT&CK to identify attacker entry points, lateral movement, and indicators of compromise.
• Lead post-incident reviews by documenting actions, performing root-cause analysis, identifying vulnerabilities, and continuously enhancing SOC detection and response processes.
• Collaborate with SOC analysts and other teams to enhance investigative and triage skills, deliver ongoing training, and embed security best practices throughout the organization.

Qualifications

• Master's Degree and (2) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience. or
• Bachelor's Degree and (3) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience. or
• Associate's Degree and (4) years of Cybersecurity Operations, Cybersecurity Engineering, Incident Response or other related experience.

• Demonstrated experience in security monitoring, threat detection, and effective management of real-world cyber incidents in collaboration with stakeholders, required.
• Proficient in utilizing both commercial and open-source cybersecurity tools, required.
• Hands-on experience in coordinating containment, eradication, and recovery operations for a variety of threats, including malware, phishing, ransomware, cloud-based, and edge attacks, required.
• Experienced in working with cybersecurity teams and other business units to ensure seamless incident response and communication, required.
• Capable of providing timely updates to leadership during security incidents and documenting comprehensive incident reports, required.
• Certifications such as GCIA, GCIH, GCFA, GNFA, CISSP, OSCP, or cloud-specific certifications like AWS Security Specialty, Azure Security Engineer Associate, or Google Professional Cloud Security Engineer, preferred.
• Experience automating SOC workflows using Python, PowerShell, or similar scripting languages, preferred.
• Familiarity with hybrid cloud/on-premise security integration, preferred.

• Strong verbal communication and listening skills
• Demonstrated written communication skills
• Demonstrated analytical skills
• Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

• Driver's License Required
• Other: Relevant DFIR certifications such as GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar. Preferred

• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
• Must be able and willing to travel within Company service territory, as needed.