Sr. Security Analyst

We are seeking a Security Analyst with strong Elastic SIEM experience and solid cybersecurity fundamentals who can investigate alerts, hunt threats, and help operationalize detection capabilities across network, cloud, and endpoint telemetry. This role requires analytical rigor, comfort working directly with customers, and the ability to operate with limited oversight in fast-paced environments.

Key Responsibilities
- Network Monitoring & Intrusion Detection: Perform analysis using defense tools including IDS/IPS, firewalls, and host-based security systems.
- SIEM Operations (Elastic SIEM): Use Elastic SIEM to correlate events, identify indicators of compromise, and produce actionable intelligence for response.
- Threat Detection Engineering (Analyst-led): Implement and improve log-based and endpoint-based detection strategies; validate detections and recommend tuning based on outcomes.
- Content Development: Develop and tune SIEM content such as detection rules, machine learning rules, dashboards, and visualizations aligned to customer requirements.
- Activity Correlation: Correlate data across network, cloud, and endpoints to identify attacks and unauthorized actions.
- Alert Management & Reporting: Triage alerts from SIEM and other sensors; document incidents with clear technical reporting and recommendations.
- Threat Research: Investigate emerging threats and vulnerabilities to enhance detection and incident identification processes.
- Phishing Analysis: Analyze phishing submissions and recommend appropriate response actions.
- Incident Response Support: Support containment and mitigation activities; contribute to root cause analysis and corrective actions.
- Automation & Integrations: Create or maintain scripts (Python/PowerShell) for investigation support, enrichment, and workflow automation; help integrate telemetry sources into Elastic as needed.
- Customer Training & Enablement: Provide training to customer teams on SIEM usage, detection capabilities, investigation workflows, and security best practices to drive long-term operational success.
- Operational Excellence: Contribute to documentation (runbooks, detection standards, triage playbooks) and continuous improvement of SOC workflows.

Required Skills
- Secret Clearance
- 2+ years of cybersecurity experience
- Elastic SIEM proficiency: Monitoring, detection, triage, and investigation using Elastic SIEM; experience with Kibana and familiarity with Logstash / ingest pipelines preferred
- Strong cybersecurity fundamentals including network protocols, encryption concepts, and vulnerabilities
- Strong analytical skills for identifying patterns and anomalies across multiple data sources
- Scripting/automation experience using Python or PowerShell
- Experience creating and tuning SIEM rules, signatures, and dashboards

Desired Skills
- Prior experience working in a Security Operations Center (SOC)
- Experience with EDR, SIEM, SOAR, and ticketing tools
- Familiarity with threat actor tactics, techniques, and procedures (TTPs)
- Familiarity with cloud environments (AWS, Azure, Google Cloud Platform) and related security telemetry
- Experience supporting Elastic observability data (logs, metrics, traces) for investigations
- Certifications such as CISSP, CEH, GCIH, Elastic Certified Analyst, or equivalent
- Entry-level cybersecurity certifications (A+, Net+, Sec+, GSEC, etc.)