SecurityAnalyst(CyberDefenseAnalyst)

## Accountabilities Monitor, triage, and analyze security alerts and telemetry across SIEM and enterprise security platforms to identify potential threats and anomalies. Investigate security incidents across endpoints, identity systems, cloud environments, networks, and applications to determine scope and impact. Correlate security events to validate threats, support escalation decisions, and contribute to timely incident response actions. Document investigations, findings, and response activities while maintaining clear communication with stakeholders and leadership. Conduct proactive threat hunting activities to identify emerging attack patterns, adversary techniques, and detection gaps. Support detection engineering and automation initiatives to improve monitoring coverage and response efficiency. Assist in refining incident response processes, playbooks, and operational procedures to enhance cyber defense maturity. Collaborate with infrastructure and system owners to prioritize vulnerability remediation and track risk reduction efforts. Requirements: 5+ years of experience in cybersecurity, SOC, cyber defense, or incident response roles within enterprise environments. Hands-on experience with SIEM tools (searches, dashboards, alerts, investigations), preferably CrowdStrike NG-SIEM. Experience with Microsoft Defender XDR and Microsoft 365 security ecosystem (identity, email, and collaboration security). Strong understanding of networking fundamentals, cloud environments (AWS/Azure), and operating systems (Windows and macOS). Familiarity with threat frameworks such as MITRE ATT&CK, NIST CSF, or CIS Controls. Ability to write clear incident reports and communicate technical findings to both technical and non-technical stakeholders. Exposure to scripting or query languages such as PowerShell, Python, or similar for analysis and automation. Experience with vulnerability management tools such as Tenable or Wiz is preferred. Relevant certifications such as GCIH, CySA+,