Cybersecurity Analyst

Purpose

The Cybersecurity Analyst strengthens endpoint, identity, and detection controls by operating and improving EDR, SIEM, vulnerability management, Azure Entra ID/Active Directory, and security awareness programs while supporting real-world investigations.

This is a hands-on analyst role, compensation and scope reflect direct ownership and operation of security tools rather than a purely advisory or architectural function.

Duties and Responsibilities

. Monitor SIEM and EDR alerts, investigate and document findings, escalate per runbooks, and tune detections to reduce noise while maintaining coverage

. Perform root-cause analysis of incidents where applicable

. Conduct periodic threat hunting aligned with current attacker techniques

. Maintain EDR policies, agent health, and containment workflows, and coordinate remediation with IT operations

. Perform vulnerability scans, prioritize CVEs, drive patching or mitigations, track SLAs, and report risk trends

. Enforce MFA and Conditional Access, review privileged access, and support identity hardening and authentication policies

. Plan and execute phishing simulations and role-based security awareness training, reporting metrics and driving behavior improvement

. Develop SIEM analytics and playbooks, enrich detections, and support incident response and post-incident reviews

. Maintain procedures and evidence, support audit and risk activities, and contribute to the security policy lifecycle

• Other duties as assigned

Minimum Requirements

Education:

Bachelor's degree in information technology, Cybersecurity, Computer Science, or a related field preferred. Equivalent relevant work experience may be substituted.

Experience:

1–5+ years in cybersecurity or IT operations, or equivalent hands-on experience. Candidates are expected to be comfortable working directly in security tools; depth of responsibility will align with experience. Preferred hands-on experience in several of the following areas:

• EDR policy management, investigations, and containment
• Alert triage, query development, dashboards, and runbooks
• Vulnerability scanning, prioritization, and remediation
• Azure Entra ID / Active Directory with MFA, Conditional Access, and privilege hygiene
• Cybersecurity awareness training and phishing campaigns with metrics reporting
• PowerShell: ability to read and modify basic scripts; advanced scripting a plus.
• Familiarity with ticketing and change management
• Clear incident documentation and concise stakeholder updates
• Experience supporting audits or security questionnaires

Skills/Knowledge:

• Security Tooling (transferable): SIEM (Microsoft Sentinel, Splunk, ConnectWise), EDR (CrowdStrike, SentinelOne, Microsoft Defender), vulnerability management (Tenable, Qualys), and security awareness platforms (KnowBe4)
• Working knowledge of security frameworks (NIST CSF, 800-53/800-171, CIS Controls)
• Azure and Microsoft 365 security fundamentals, detection tuning and automation using KQL and PowerShell
• Comfortable learning new tools and techniques while working on real investigations.

Other:

• Separates signal from noise and uses data to justify tuning and remediation
• Drives incidents and vulnerabilities to closure with cross-functional teams
• Balances security controls with user experience and operational impact
• Translates technical risk for non-technical audiences