Cyber Security Specialist III

Role Summary
A highly skilled Cyber Security Specialist is needed to support 24/7/365 security operations within a remote Security Operations Center (SOC). This senior-level role involves monitoring, analyzing, and responding to cybersecurity threats across hybrid cloud and on-premises environments. The position requires expertise in incident detection, investigation, threat hunting, and infrastructure support, with a focus on maintaining security posture in a dynamic and evolving landscape.

Responsibilities

• Conduct advanced endpoint detection and response (EDR) analysis, including alert triage, behavioral rule tuning, IOC investigation, and telemetry enrichment.
• Manage EDR platform administration by ensuring agent health, deployment, integration with SIEM systems, and troubleshooting endpoint concerns in collaboration with SysAdmins.
• Perform digital forensics during security incidents, acquiring, preserving, and analyzing endpoint artifacts such as memory, disks, registry, and logs; support root cause analysis and ensure forensic evidence integrity.
• Support SOC architecture enhancements to improve visibility, data accuracy, and detection capabilities across hybrid cloud and on-prem environments.
• Execute threat detection, log analysis, and anomaly investigation across cloud workloads (AWS preferred) and on-prem infrastructures.
• Lead initial incident response efforts, investigating malware, phishing attempts, lateral movements, privilege misuse, and data theft.
• Utilize threat intelligence to augment alerts and identify tactics, techniques, and procedures (TTPs) following the MITRE ATT&CK framework.
• Document case details and investigative steps thoroughly within case management systems, escalating incidents according to SOPs.
• Participate in proactive threat hunting based on hypotheses, threat feeds, and system intelligence.
• Collaborate with engineering teams, system administrators, and cybersecurity stakeholders to contain, remediate, and improve security defenses.
• Ensure compliance by collecting and maintaining audit trails, access logs, and investigative artifacts.
• Stay up-to-date with emerging threats, vulnerabilities, and attack techniques targeting hybrid and cloud environments.
• Monitor threat intelligence sources, advisories, and vulnerability disclosures to maintain situational awareness.
• Provide shift summaries and briefings to inform ongoing cybersecurity efforts.

Qualifications

• 5+ years of experience in cybersecurity, specifically in SOC environments, incident response, or threat analysis.
• Strong knowledge of incident detection tools such as SIEM (e.g., Splunk), SOAR platforms, and EDR solutions.
• Demonstrated experience with digital forensics, malware analysis, and threat hunting techniques.
• Familiarity with compliance and audit frameworks like NIST CSF, 800-53, CIS Benchmarks, and STIGs.
• Proficiency with vulnerability scanning tools (e.g., Tenable Nessus) and CVE analysis.
• Skilled in scripting languages such as PowerShell, Python, or Bash for automation workflows.
• Adept at investigating network protocols, TCP/IP, and attack vectors.
• Experience working with threat intelligence and knowledge of MITRE ATT&CK tactics and techniques.
• Ability to communicate complex technical findings clearly to both technical and non-technical audiences.
• This position requires eligibility for a U.S. Government security clearance. In accordance with federal law, U.S. citizenship is required.

Publishing Pay Range: $38.00 - $43.00 hourly

This is a fully remote role and can be performed from any approved location within the United States.