Cyber Security Operations Analyst

Overview

BigBear.ai is seeking a highly skilled and motivated Cybersecurity Operations Analyst to join our dynamic team. In this role, you will play a critical part in safeguarding our digital assets and ensuring the security of our innovative solutions. As a key member of our cybersecurity team, you will be responsible for threat analysis, incident response, and the implementation of security measures to protect our organization from cyber threats. If you are passionate about cybersecurity and have a proactive approach to identifying and mitigating risks, we invite you to apply and contribute to our mission of delivering secure and cutting-edge technologies.

What you will do

Key Responsibilities

• Threat Detection & Investigation
• Monitor and triage alerts from SIEM, EDR, email security, and other monitoring tools
• Investigate escalated alerts from MSSP or automated detections
• Perform threat hunting based on IOCs, suspicious activity, and threat intelligence
• Incident Response
• Lead response for medium-to-high severity incidents
• Conduct root cause analysis and document findings in post-incident reports
• Coordinate with internal teams to contain and eradicate threats
• Security Tool Management
• Tune and maintain SIEM, EDR, and other security platforms to improve detection fidelity
• Develop custom detection rules, dashboards, and reports
• Vulnerability & Risk Management
• Lead the lifecycle of vulnerability management, from scanning and analysis to remediation tracking
• Validate and prioritize vulnerabilities based on their exploitability and potential impact to business operations
• Work directly with IT teams to provide guidance and technical recommendations for patching and configuration changes
• Track remediation efforts to ensure vulnerabilities are addressed in a timely manner
• Collaboration & Communication
• Act as a liaison between security operations and IT/business units
• Provide technical guidance to Tier 1 analysts
• Communicate security findings and recommended actions to stakeholders in clear, non-technical language
• Continuous Improvement
• Recommend and implement process and tooling enhancements
• Maintain and refine incident response runbooks and escalation procedures

What you need to have

• 2-4 years of experience in security operations, incident response, or related field
• Hands-on experience with SIEM, EDR, and network security tools
• Strong understanding of threat actors, attack techniques (MITRE ATT&CK), and incident response best practices
• Ability to analyze logs, packets, and system behavior to detect and investigate malicious activity
• Excellent written and verbal communication skills

What we'd like you to have

• Experience in a small-team environment with cross-functional responsibilities
• Familiarity with cloud security monitoring (AWS, Azure, or Google Cloud Platform)
• Industry certifications such as Security+, CySA+, GCIH, GCIA, or similar
• Scripting skills (Python, PowerShell, or Bash) for automation

About BigBear.ai

BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Bigbear.ai's predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.

BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.