Abnormally-Precise, Cloud-Native Email Security

Cyber Defense Analyst

AnalystAnalystFull TimeRemoteTeam 501-1,000H1B SponsorCompany Site LinkedIn

Location

United States

Posted

129 days ago

Salary

$144.5K - $170K / year

Bachelor Degree3 yrs expEnglishAWSCloudPythonService NowSplunk

Job Description

• Monitor alerts from tools like SIEM, EDR, IAM, CSPM, CDR etc. • Perform initial triage, enrichment, and correlation across multiple data sources. • Identify false positives and fine-tune rules with detection engineering. • Lead containment, eradication, and recovery for endpoint, cloud, and identity incidents. • Document and communicate incidents through SOAR/Jira/ServiceNow workflows. • Perform root cause analysis and propose permanent preventive controls. • Proactively hunt using hypotheses mapped to MITRE ATT&CK. • Investigate anomalies across CloudTrail, Okta, GitHub, and other telemetry sources. • Collaborate with threat intelligence to identify emerging TTPs. • Build or enhance playbooks in SOAR (Torq or equivalent). • Create custom enrichment scripts and automations (Python, Bash, etc.). • Suggest new detection logic and operational improvements. • Track and report operational metrics (MTTD, MTTR, incident categories). • Maintain documentation and lessons learned.

Job Requirements

3–5 years of hands-on SOC or Incident Response experience in a cloud-first or hybrid environment.
Strong understanding of attacker lifecycle, MITRE ATT&CK, and threat actor TTPs.
Experience with EDR (CrowdStrike preferred), SIEM (Splunk preferred), and SOAR (Torq, XSOAR, or Phantom).
Familiarity with AWS, Okta, and SaaS platforms.
Proficiency in writing queries and automations using Python, SPL, or equivalent.
Excellent analytical and investigative skills — capable of operating independently with minimal hand-holding.
Strong documentation and communication skills for technical and executive audiences.