Principal Cybersecurity Analyst

Position: Principal Cybersecurity Analyst

Duration: 12 Months Contract
Location: Greensboro NC 27409(hybrid)

Principal Cybersecurity Analyst (L4) Incident Response & Threat Strategy

As a recognized subject matter expert (SME), you are expected to stay ahead of cyber threat trends, attack methodologies, and adversary tactics, ensuring the CSOC is future-ready and resilient against evolving cyber threats.

Job Duties:

• Strategic Threat Defense & Security Roadmap
• Work closely with the Head of CSOC to define and refine CSOC strategy to address emerging cybersecurity threats.
• Continuously evaluate and enhance detection and response frameworks, aligning with business risk and threat landscape evolution.
• Lead SOC maturity initiatives, driving automation, advanced analytics, and intelligence-driven security operations.
• Develop KPIs and CSOC performance metrics to measure effectiveness and resilience against modern cyber threats.
• Act as a trusted advisor to executive leadership, Enterprise IT Security (EITS) teams, and business stakeholders on cyber risk and response strategies.
• Advanced Incident Response & Threat Hunting
• Serve as the highest-level escalation point for complex cybersecurity incidents, including nation-state APTs, ransomware, and insider threats.
• Conduct proactive threat hunting using behavioral analytics, anomaly detection, and adversary tracking.
• Perform deep forensic investigations into network intrusions, malware infections, and cloud-based threats.
• Develop custom SIEM detection logic, EDR rules, and network security signatures to enhance threat visibility.
• Correlate threat intelligence (TI), security logs, and endpoint telemetry to identify persistent threats and attack patterns.
• Cyber Threat Intelligence & Emerging Threat Research
• Stay up to date with the latest cybersecurity news, APT activities, vulnerabilities, and exploit trends.
• Drive threat modeling exercises to anticipate and counter evolving adversary tactics, techniques, and procedures (TTPs).
• Lead adversary tracking initiatives, mapping threats to MITRE ATT&CK, Cyber Kill Chain, and TIBER-EU frameworks.
• Collaborate with global threat intelligence teams to curate and integrate high-value threat intelligence into CSOC operations.
• Evaluate new attack vectors, malware strains, and exploit techniques, ensuring defensive capabilities remain ahead of adversary innovation.
• Security Engineering & SOC Enhancement
• Partner with cybersecurity engineers, architects, and IT teams to improve enterprise security posture.
• Lead security automation (SOAR) initiatives, developing playbooks and automated response workflows.
• Recommend and implement advanced detection technologies, including UEBA, deception technologies, and AI-driven threat analytics.
• Assist in red team/blue team exercises, purple teaming engagements, and cyber resilience stress tests.
• Leadership, Mentorship & Expert Advisory
• Act as a mentor and technical coach to CSOC analysts (L1-L3), fostering continuous skill development.
• Design and conduct advanced training programs and tabletop exercises to prepare SOC teams for high-impact incidents.
• Represent the CSOC in executive briefings, security conferences, and cybersecurity think tanks.
• Assist in developing and enforcing cybersecurity policies, standards, and compliance frameworks.

Requirements:

• Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field.
• 10+ years of hands-on cybersecurity experience, with deep expertise in SOC operations, incident response, and cyber threat intelligence.
• Demonstrated experience leading complex investigations into APTs, cybercrime operations, and enterprise-wide security incidents.
• Technical Skills & Expertise
  • Advanced Incident Response & Forensics:
  • Expert-level proficiency in digital forensics, memory analysis, network forensics, and endpoint telemetry analysis.
  • Ability to track adversary TTPs across enterprise environments using advanced threat intelligence correlation.
• Security Tools & Technologies:
  • Hands-on experience with industry-leading SIEM, EDR, IDS/IPS, forensic tools, and threat intelligence platforms.
  • Proficiency in YARA rule development, Sigma rules, and custom detection engineering.
• Cyber Threat Intelligence & Adversary Tracking:
  • Expert understanding of nation-state cyber threats, APT campaigns, and cybercriminal ecosystems.
  • Strong working knowledge of MITRE ATT&CK, Diamond Model, Cyber Kill Chain, and TIBER-EU methodologies.
  • Ability to reverse engineer malware and extract indicators of compromise (IOCs) and tactics of adversaries.
• Scripting & Security Automation:
  • Proficiency in Python, PowerShell, or Bash for security automation, log parsing, and threat hunting.
  • Experience building custom SOAR playbooks to automate incident response and threat containment.
• Cloud & Network Security:
  • Strong understanding of cloud security monitoring (AWS, Azure, Google Cloud Platform) and zero-trust architecture principles.
  • Deep knowledge of network security protocols, firewall technologies, and modern identity-based threats

Preferred Qualifications:

• Advanced Certifications:
  • CISSP, GCIH, GCFA, GCFE, GNFA, OSCP, CCTHP, CTIA, or CISM.
• Deep Cybersecurity Expertise in:
  • Cyber Threat Hunting & Intelligence-Driven Defense
  • Advanced Malware Analysis & Reverse Engineering
  • Security Automation & Orchestration (SOAR)
  • Network & Endpoint Forensics
  • Cloud Security & Identity Threat Detection
• Leadership & Strategic Impact:
  • Experience defining SOC strategy, cyber defense roadmaps, and risk mitigation frameworks.
  • Ability to bridge technical findings with executive-level security strategy and risk management