Senior Analyst – Cyber Threat Operations Center

• 24/7 Security Event Monitoring: Actively monitor and respond to security alerts and incidents, conducting both initial triage and advanced analysis to assess escalation needs. Participate in a 24/7 response rotation.
• Incident Response and Threat Hunting: Execute containment, eradication, andrecovery actions for incidents, and conduct proactive threat hunting based on threat intelligence and dark web insights to identify potential threats across the environment.
• Mentorship of Junior Analysts: Provide day-to-day mentorship to junior analysts, enhancing their technical skills, analysis techniques, and understanding of threat landscapes. Conduct training sessions, review their work, and provide actionable feedback to boost team effectiveness.
• Advanced Analysis and Documentation: Perform in-depth root cause analysis on security incidents, document findings comprehensively, and offer actionable insights to support cross-functional teams in decision-making.
• Tool Optimization and Automation: Leverage and optimize SIEM, EDR, and security orchestration tools to improve detection and response efficiency. Identify and implement automation opportunities to streamline routine tasks, enhancing overall CTOC productivity. 
• Threat Intelligence Integration: Analyze and integrate threat actor tactics, techniques, and procedures (TTPs) into CTOC processes, focusing on high-priority threats such as ransomware, insider threats, and advanced persistent threats (APTs). Engage with MISP, ISACs, and threat intelligence sources to stay informed on evolving threats.
• Collaboration and Information Sharing: Participate in information-sharing initiatives with peers, ISACs, and other partners to enhance situational awareness, improve response strategies, and strengthen collaboration.
• Playbook Development and SOP Enhancement: Assist in creating and refiningincident response playbooks and SOPs, ensuring alignment with NIST CSF, CIS Controls, and other frameworks to bolster CTOC resilience and effectiveness.
• Project Leadership and Autonomy: Manage moderately large projects independently, from planning to execution, ensuring timely delivery of outcomes. Operate effectively with minimal supervision, demonstrating initiative and accountability.
• Post-Incident Review and Continuous Improvement: Lead post-incident reviews to identify lessons learned, suggest process improvements, and drive changes that capabilities. response future enhance

   

Why you're a fit

• Experience: 3-5 years in information security, preferably within a 24/7 CTOC or similar environment, monitoring cloud-native infrastructure.
• Technical Skills: Proficiency with operational security controls such as SIEM platforms, EDR, IDS/IPS, DLP, and data analysis. Experience with threat intelligence platforms and security orchestration tools preferred.
• Knowledge Base: Comprehensive understanding of cybersecurity principles, network protocols, and regulatory compliance (e.g., PCI, FTC Safeguards). Familiarity with frameworks such as MITRE ATT&CK, CIS Controls, and NIST CSF.
• Mentorship and Leadership Skills: Proven experience mentoring junior analysts, focusing on technical skill development and enhancing analytical thinking.
• Certifications: GCED, GCIH, GCIA, CISSP, or equivalent certification(s) is preferred.

Nice to haves

• Ability to communicate complex security concepts clearly to stakeholders at all levels.
• Strong organizational skills, adaptability, and the ability to make sound decisions under pressure.
• Demonstrated integrity, commitment to continuous improvement, and the ability to handle a wide variety of issues creatively and independently.

   

Education

• Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent work experience.
• This role offers the opportunity to apply advanced cybersecurity expertise, mentor junior talent, lead projects independently, and contribute to the strength and adaptability of the CTOC in a rapidly changing threat environment.