All Lines Technology
The Cybersecurity Analyst strengthens endpoint, identity, and detection controls by operating and improving EDR, SIEM, vulnerability management, Azure Entra ID/Active Directory, and security awareness programs while supporting real-world investigations.
This is a hands-on analyst role; compensation and scope reflect direct ownership and operation of security tools rather than a purely advisory or architectural function.
Duties and Responsibilities
Monitor SIEM and EDR alerts, investigate and document findings, escalate per runbooks, and tune detections to reduce noise while maintaining coverage
Perform root-cause analysis of incidents where applicable
Conduct periodic threat hunting aligned with current attacker techniques
Maintain EDR policies, agent health, and containment workflows, and coordinate remediation with IT operations
Perform vulnerability scans, prioritize CVEs, drive patching or mitigations, track SLAs, and report risk trends
Enforce MFA and Conditional Access, review privileged access, and support identity hardening and authentication policies
Plan and execute phishing simulations and role-based security awareness training, reporting metrics and driving behavior improvement
Develop SIEM analytics and playbooks, enrich detections, and support incident response and post-incident reviews
Maintain procedures and evidence, support audit and risk activities, and contribute to the security policy lifecycle
Requirements
Education:
Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field preferred. Equivalent relevant work experience may be substituted.
Experience:
1–5+ years in cybersecurity or IT operations, or equivalent hands-on experience. Candidates are expected to be comfortable working directly in security tools; depth of responsibility will align with experience. Preferred hands-on experience in several of the following areas:
EDR policy management, investigations, and containment
Alert triage, query development, dashboards, and runbooks
Vulnerability scanning, prioritization, and remediation
Azure Entra ID / Active Directory with MFA, Conditional Access, and privilege hygiene
Cybersecurity awareness training and phishing campaigns with metrics reporting
PowerShell: ability to read and modify basic scripts; advanced scripting a plus.
Familiarity with ticketing and change management
Clear incident documentation and concise stakeholder updates
Experience supporting audits or security questionnaires
Skills/Knowledge:
Security Tooling (transferable): SIEM (Microsoft Sentinel, Splunk, ConnectWise), EDR (CrowdStrike, SentinelOne, Microsoft Defender), vulnerability management (Tenable, Qualys), and security awareness platforms (KnowBe4)
Working knowledge of security frameworks (NIST CSF, 800-53/800-171, CIS Controls)
Azure and Microsoft 365 security fundamentals, detection tuning and automation using KQL and PowerShell
Comfortable learning new tools and techniques while working on real investigations.
Other:
Separates signal from noise and uses data to justify tuning and remediation
Drives incidents and vulnerabilities to closure with cross-functional teams
Balances security controls with user experience and operational impact
Translates technical risk for non-technical audiences
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Information Services