Remote Role || Security Analyst - Project Lead || Columbia, SC
Cyber Focus AI · United States · 3 days ago
RemoteRemoteAnalystFull-time
Daily Duties / Responsibilities
- Continuously review and correlate security event data across SIEM, EDR, IDS/IPS, and threat intelligence sources to identify complex attack patterns, emerging threats, and security incidents.
- Perform deep-dive analysis of suspicious activity, validate incidents, determine root cause and impact, and escalate critical incidents with detailed context to Tier 3 as required.
- Create detailed incident reports, timelines, and post-incident summaries; contribute to lessons-learned documentation and recommendations for remediation and preventative measures.
- Investigate user-reported phishing, malware infections, and potential policy violations; advise users and internal/external teams on containment and recovery actions.
- Recommend updates to SOC playbooks and workflows based on real-world INVESTIGATIONS, fine-tune detection rules. Alert thresholds, and correlation logic to reduce false positives and improve threat coverage.
- Collaborate with engineering teams to ensure monitoring tools are properly configured and tuned.
- Integrate new threat intelligence feeds into workflows and proactively hunt for threats using up-to date tactics, techniques, and procedures (TTPs).
- Serve as a customer-facing SME, "selling" the value of DIS services by demonstrating capabilities and resolving issues.
- Document processes, runbooks, and troubleshooting steps related to SOC operations.
- Cook up with engineering, SOC, and agency staff as needed to meet goals.
Required Skills
- 2+ Years of Experience with Security Monitoring and Incident Response
- 2+ Years of Experience with MITRE ATT&CK framework.
- 2+ Years of Experience with dashboard creation and reporting
Preferred Skills
- Experience with the Palo Alto Cortex XSIAM/XDR platform.
- Knowledge of Linux network administration and network design.
- Experience in administration of firewalls, VPN technology, Active Directory, Intrusion Detection/Prevention systems.