Job Description
Role Description
We are seeking a Level 2 Cybersecurity Analyst to support Cyber Defense Operations within a large enterprise environment. This role is responsible for advanced security event investigation, incident response support, and threat analysis, as well as contributing to the continuous improvement of detection and response capabilities. The analyst will collaborate with Level 1 analysts, threat intelligence teams, and incident response stakeholders to ensure timely identification, containment, and remediation of security threats across the enterprise.
Key Responsibilities
- Investigate and analyze escalated security alerts and incidents from Level 1 analysts.
- Perform root cause analysis and assess business and technical impact of security events.
- Conduct proactive threat hunting and anomaly detection across enterprise systems and networks.
- Collaborate with incident response teams to support containment, eradication, and recovery activities.
- Correlate external threat intelligence with internal telemetry to identify emerging threats and attack patterns.
- Contribute to the development of detection use cases and provide recommendations for tuning SIEM and monitoring rules.
- Recommend enhancements to incident response playbooks and operational runbooks.
- Provide technical guidance and mentorship to junior analysts.
- Participate in post-incident reviews and contribute to lessons learned and continuous improvement initiatives.
- Represent Cyber Defense Operations in cross-functional security, risk, and compliance activities as required.
Required Knowledge Areas
- Strong understanding of network, endpoint, and security monitoring concepts.
- Knowledge of threat actor tactics, techniques, and procedures (TTPs).
- Familiarity with the MITRE ATT&CK framework and threat intelligence methodologies.
- Awareness of regulatory and compliance frameworks such as NIST, ISO, and PCI-DSS.
Required Skills
- Proficiency in log analysis, packet capture analysis, and malware investigation.
- Strong analytical, troubleshooting, and problem-solving skills.
- Experience with scripting or automation using languages such as Python, PowerShell, or Bash.
- Effective written and verbal communication skills for both technical and non-technical stakeholders.
- Ability to work independently and collaboratively in a fast-paced, incident-driven environment.
Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, or a related discipline, or equivalent professional experience.
- 2-5 years of experience in cybersecurity operations, security monitoring, or incident response.
- Industry-recognized security certifications (e.g., CySA+, GCIH, GCIA, CEH, or equivalent) preferred.
- Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar) and endpoint detection and response (EDR) tools (e.g., CrowdStrike, Microsoft Defender).
- Willingness to participate in a rotating on-call schedule or provide extended coverage during critical security incidents.
Preferred Experience
- SIEM Platforms: Splunk, ArcSight, Microsoft Sentinel, QRadar
- EDR/XDR Solutions: CrowdStrike, Microsoft Defender, SentinelOne
- Network Security Technologies: Palo Alto, Cisco, Check Point, Firepower
- Data Protection Technologies: Symantec DLP, Triton, Guardium
- Threat Intelligence and SOAR platforms
- Cloud security monitoring in AWS, Azure, or Google Cloud Platform environments
Work Schedule
- Hours: 11pm - 9am
- Days: Wednesday - Saturday
About Us
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status, parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day, and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.