SOC Analyst - Cybersecurity Specialist

Contract Type: Contractor

Location: Reston

Industry: Technology

Reference Number: CR/507044

Salary: $33 - $33 Hourly

Contact Name: Tandym Group

Contact Email: Gunjan.Kumar@tandymgroup.com

Contact Phone:

Date Published: 25-Aug-2025

Job Description

Summary:
We are seeking a highly motivated and experienced Cyber Security Specialist to support swing and night shift operations within our 100% remote 24/7/365 Security Operations Center (SOC). You will monitor, analyze, investigate, and respond to threats across hybrid cloud and on-prem environments. This role is ideal for analysts with a strong investigative mindset, technical depth, and a passion for continuous learning.

*There are two shifts: day shift 7 am-7 pm and night shift 7 pm-7 am.

Job Responsibilities:
• Perform advanced EDR (Endpoint Detection and Response; Trellix preferred) analysis, including alert triage, threat detection, behavioral rule tuning, IOC investigation, and endpoint telemetry enrichment.
• Support EDR platform administration by managing agent health and deployment, maintaining integration with SIEM and other telemetry pipelines, coordinating policy updates, and partnering with SysAdmins to troubleshoot endpoint and infrastructure-level issues affecting EDR visibility.
• Conduct digital forensics during incident response by acquiring, preserving, and analyzing endpoint artifacts (e.g., memory, disk, registry, logs); assist with root cause analysis and ensure forensic evidence is handled in accordance with legal and procedural requirements.
• Provide engineering-focused support on SOC architecture improvements to increase visibility, data fidelity, and detection capabilities across hybrid environments.
• Perform threat detection, log analysis, and anomaly identification across on-premises and cloud workloads (AWS preferred).
• Conduct initial incident response and assist with investigations into malware, phishing, lateral movement, privilege misuse, and data exfiltration.
• Apply threat intelligence to enrich alerts and uncover TTPs using the MITRE ATT&CK framework.
• Document investigative steps and evidence in the case management system and escalate incidents per SOPs.
• Participate in threat hunting missions based on hypotheses, intel feeds, and environmental knowledge.
• Collaborate with engineering, system administrators, and cyber stakeholders to contain and remediate threats.
• Support compliance efforts by ensuring audit trails, access logs, and investigative artifacts are collected and preserved.
• Stay current with emerging threats, vulnerabilities, and TTPs targeting cloud and hybrid infrastructures.
• Maintain situational awareness through active monitoring of CTI sources, advisories, and vulnerability disclosures.
• Provide summary reports and handoff briefings at the end of each shift.

Skills:
• Familiarity with compliance and audit frameworks: NIST CSF, 800-53, OMB M-21-31, CIS Benchmarks, STIGs
• Knowledge of vulnerability scanning tools (e.g., Tenable Nessus) and CVE exposure analysis
• Experience collaborating with cyber threat intelligence and/or red teams
• Experience in digital forensics, malware analysis, or purple team operations
• Experience with Case Management System (e.g., ServiceNow)
• Experience with SIEM (e.g., Splunk)
• Experience using SOAR platforms for alert triage and response automation
• Solid understanding of Windows and Linux operating system internals and log analysis
• Strong grasp of network protocols, TCP/IP, and common attack vectors
• Familiarity with scripting (e.g., PowerShell, Python, Bash) and automation workflows
• Experience with threat hunting, IOC analysis, or MITRE ATT&CK-based detection
• Understanding of identity and access management (IAM) risks in cloud environments
• Experience improving SOC processes, detection logic, architecture, or playbooks
• Ability to communicate findings clearly—verbally and in writing—to technical and non-technical audiences
• Must be able to obtain a Public Trust clearance or higher

Education/Experience:
• Degree educated or equivalent, preferably in a computer science related subject
• Security+, CySA+, CASP+, GCIH, GCIA, GCFA, GNFA, GDAT, CSA, CEH, or (ISC)² SSCP/CISSP
• 3-5 years' experience
