Cyber Operations Analyst
Hillwood · Dallas, TX · 3 wk ago
On-siteManagementFull-time
Responsibilities
- Security Monitoring and Triage: Monitor and triage security alerts from tools such as SIEM, EDR/XDR, email security, identity systems, and other log sources.
- Perform initial analysis to determine alert validity, scope, and potential impact; identify false positives and document rationale.
- Gather and preserve relevant evidence (logs, endpoint data, email headers, timelines) and maintain clear case notes.
- Incident Response Support and Escalation: Follow established playbooks/runbooks to handle common security events (phishing, malware alerts, suspicious logins, policy violations, etc.). Escalate confirmed or high-risk events to senior analysts/incident response leads with accurate context and recommendations.
- Aid in containment and remediation tasks under guidance (e.g., isolating endpoints, password resets, blocking indicators, opening IT tickets).
- Ticketing, Documentation and Communication: Own your queue: update tickets promptly, meet internal SLAs, and communicate status clearly to the cyber team and IT partners.
- Document investigations thoroughly and consistently so others can pick up work seamlessly.
- Operational Support and Continuous Improvement: Support routine checks and operational tasks (sensor/agent health, log onboarding validation, dashboard checks, basic reporting).
- Identify patterns that indicate recurring issues and propose improvements (alert tuning, new detections, process changes).
- Participate in periodic table-top exercises, lessons learned, and process refinement efforts.
- Risk Reduction and Security Support: Assist with vulnerability management coordination (tracking findings, validating remediation, communicating with system owners).
- Support phishing response and user-reported security concerns; help with awareness follow-ups and lessons learned.
- Contribute to audits/questionnaires by gathering evidence and maintaining organized records (under supervision).
- Collaborate closely with IT (networking, systems, help desk) and business partners to ensure security supports business outcomes.
Qualifications
- Strong attention to detail and ability to follow defined processes while applying sound judgment.
- Clear written and verbal communication skills, including the ability to document technical findings for varied audiences.
- High level of integrity and ability to handle sensitive information with discretion.
- Ability to manage multiple priorities in a team-oriented, fast-paced environment.
- Foundational understanding of cybersecurity concepts, including phishing, malware, MFA, and least privilege.
- Familiarity with industry frameworks such as MITRE ATT&CK and NIST CSF.
- Demonstrated curiosity and willingness to learn.
- Exposure to one or more of the following is preferred: Networking fundamentals (TCP/IP, DNS, HTTP/HTTPS, VPN), Windows security concepts (accounts, permissions, event logs), SIEM and/or EDR/XDR tools (e.g., Microsoft Defender), Vulnerability management tools (e.g., Rapid7), Microsoft 365 / Entra ID security concepts.