Cyber Security Analyst

Role SummarySenior monitoring analyst and technical authority within the SOC. Not here to follow playbooks — here to improve them. Handles the most complex incidents, mentors L1/L2 analysts, drives detection engineering, and owns escalation decisions. If you still need someone to tell you what to investigate after 5 years, this is not your role.

Core Responsibilities

Advanced Incident Response

• Own investigation and response for high and critical severity incidents end-to-end
• Perform deep-dive forensic analysis across endpoints, network, cloud, and identity systems
• Make containment and remediation decisions independently — no waiting for approval on obvious threats
• Lead incident response bridge calls and coordinate across IT, legal, and leadership during major incidents
• Produce detailed post-incident reports with root cause analysis and actionable recommendations

Detection Engineering

• Develop, tune, and maintain SIEM detection rules, correlation logic, and alert thresholds
• Continuously reduce false positive rates without creating detection blind spots
• Build detection use cases mapped directly to MITRE ATT&CK techniques relevant to the organization's threat landscape
• Identify gaps in current detection coverage and propose solutions with justification

Mentorship & Quality Control

• Review L1/L2 triage decisions and provide structured feedback — not just corrections
• Develop and deliver internal training on attack techniques, tools, and investigation methodology
• Validate and update incident response playbooks based on real incident learnings
• Set the quality standard for documentation, escalation, and closure in the SOC

Reporting & Stakeholder Communication

• Translate complex technical incidents into clear executive-level briefings
• Provide weekly and monthly SOC performance metrics to SOC Manager
• Recommend process and tooling improvements backed by data and incident evidence

Requirements

Experience

• Minimum 5 years in cybersecurity with at least 3 years in a SOC environment
• Proven experience handling critical incident response independently
• Demonstrated experience building or tuning SIEM detection rules — not just consuming alerts
• Track record of mentoring junior analysts with measurable improvement in team output

Technical Skills

• Expert-level SIEM proficiency: Splunk, Microsoft Sentinel, IBM QRadar, or equivalent
• Deep knowledge of Windows and Linux internals, log structures, and artifact analysis
• Strong network forensics: packet analysis, NetFlow, DNS, proxy logs
• EDR proficiency: CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint
• Cloud security monitoring: AWS CloudTrail, Azure Monitor, GCP Security Command Center
• Scripting mandatory: Python or PowerShell for automation and investigation tooling
• Memory forensics and disk forensics capability: Volatility, FTK, Autopsy
• Threat intelligence consumption and application — not just reading reports, actually using IOCs and TTPs in investigations

Frameworks

• MITRE ATT&CK — must be able to map incidents to techniques without looking it up
• NIST Incident Response Framework
• Cyber Kill Chain
• Diamond Model of Intrusion Analysis

Certifications (strongly preferred)

• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Security Essentials (GSEC)
• Splunk Certified Power User or Architect
• Microsoft SC-200
• CISSP (advantage)

Education

• Bachelor's degree in Cybersecurity, Computer Science, or related field
• Relevant certifications and demonstrated experience outweigh degree if portfolio is strong

• What This Role is NOTNot a senior title for someone who just does faster L2 work
• Not a role where you escalate everything upward — you are the escalation point
• Not limited to shift monitoring — you own detection quality across the entire SOC operation
• Shift & AvailabilityPrimary daytime shift with on-call availability for critical incidents
• Expected to respond to P1 incidents outside business hours when required