Cybersecurity Analyst

The Cybersecurity Analyst strengthens endpoint, identity, and detection controls by operating and improving EDR, SIEM, vulnerability management, Azure Entra ID/Active Directory, and security awareness programs while supporting real-world investigations.
This is a hands-on analyst role, compensation and scope reflect direct ownership and operation of security tools rather than a purely advisory or architectural function.
Duties and Responsibilities

• Monitor SIEM and EDR alerts, investigate and document findings, escalate per runbooks, and tune detections to reduce noise while maintaining coverage
• Perform root-cause analysis of incidents where applicable
• Conduct periodic threat hunting aligned with current attacker techniques
• Maintain EDR policies, agent health, and containment workflows, and coordinate remediation with IT operations
• Perform vulnerability scans, prioritize CVEs, drive patching or mitigations, track SLAs, and report risk trends
• Enforce MFA and Conditional Access, review privileged access, and support identity hardening and authentication policies
• Plan and execute phishing simulations and role-based security awareness training, reporting metrics and driving behavior improvement
• Develop SIEM analytics and playbooks, enrich detections, and support incident response and post-incident reviews
• Maintain procedures and evidence, support audit and risk activities, and contribute to the security policy lifecycle

Requirements
Education:
Bachelor’s degree in information technology, Cybersecurity, Computer Science, or a related field preferred. Equivalent relevant work experience may be substituted.
Experience:
1–5+ years in cybersecurity or IT operations, or equivalent hands-on experience. Candidates are expected to be comfortable working directly in security tools; depth of responsibility will align with experience. Preferred hands-on experience in several of the following areas:

• EDR policy management, investigations, and containment
• Alert triage, query development, dashboards, and runbooks
• Vulnerability scanning, prioritization, and remediation
• Azure Entra ID / Active Directory with MFA, Conditional Access, and privilege hygiene
• Cybersecurity awareness training and phishing campaigns with metrics reporting
• PowerShell: ability to read and modify basic scripts; advanced scripting a plus.
• Familiarity with ticketing and change management
• Clear incident documentation and concise stakeholder updates
• Experience supporting audits or security questionnaires

Skills/Knowledge:

• Security Tooling (transferable): SIEM (Microsoft Sentinel, Splunk, ConnectWise), EDR (CrowdStrike, SentinelOne, Microsoft Defender), vulnerability management (Tenable, Qualys), and security awareness platforms (KnowBe4)
• Working knowledge of security frameworks (NIST CSF, 800-53/800-171, CIS Controls)
• Azure and Microsoft 365 security fundamentals, detection tuning and automation using KQL and PowerShell
• Comfortable learning new tools and techniques while working on real investigations.

Other:

• Separates signal from noise and uses data to justify tuning and remediation
• Drives incidents and vulnerabilities to closure with cross-functional teams
• Balances security controls with user experience and operational impact
• Translates technical risk for non-technical audiences