Sr. Cyber Detection Incident Analyst - Security Operations

• Conduct expert-level triage and deep-dive analysis of security events using EDR, NDR, identity telemetry, application logs, SIEM analytics, SOAR workflows, and cloud-native security tools
• Lead incident escalation workflows and collaborate with the Incident Response and other partner teams drive timely containment and resolution of security threats
• Perform proactive threat hunting across endpoints, networks, identity systems, cloud platforms (Azure, AWS, GCP), and SaaS environments using threat intelligence, behavioral analytics, and TTP/IOC research
• Correlate telemetry across diverse systems to identify sophisticated attack patterns
• Apply strong understanding of OS internals, cloud architectures, networking, authentication protocols, and adversary tradecraft to assess risk, determine impact, and drive escalation decisions
• Integrate threat intelligence (IOCs, behavioral patterns, ATT&CK-aligned TTPs) into detection logic, use cases, and hunt strategies
• Develop, tune, and maintain high-efficacy detections across: SIEM : correlation rules, anomaly detection, enrichment logic
• EDR/XDR : behavioral detections, process analytics, custom rules
• NDR : network anomaly detection, lateral movement patterns
• SOAR : automation workflows, enrichment routines
• Cloud-native tools : Azure Defender, AWS GuardDuty, GCP SCC
• SaaS platforms : O365, API-based telemetry
• Evaluate emerging detection technologies, analytics methods, and research findings to improve visibility, reduce MTTD, and optimize analyst efficiency
• Act as a technical detection lead by mentoring analysts, reviewing escalations, and driving consistency in detection quality and workflows
• Support 24×7 monitoring as part of an on‑call rotation

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or equivalent experience
• 5+ years of experience in cybersecurity with a focus on detection engineering, security operations, incident response, intrusion detection, or security event analysis
• Strong analytical and investigative skills with the ability to interpret complex datasets and communicate findings effectively
• Ability to create tactical scripts (Python, PowerShell, KQL, Bash, etc.) to supplement investigative workflows and enrich detections
• Experience with network security monitoring (IDS, packet capture, flow analysis) and proper techniques for identifying and responding to security events
• Experience detecting threats in cloud environments (Azure, AWS, GCP) and using cloud-native detection tooling
• Strong collaboration and communication skills with focus on cross-team partnerships
• Demonstrated ability to mentor other analysts, contribute to team development, and work effectively in a collaborative team environment
• Deep knowledge of SIEM technologies, log‑centric analytics, and correlation logic
• Deep knowledge of EDR platforms and behavioral-based detection methodologies

• Industry certifications such as GCIA, GCIH, AWS/Azure/GCP security certifications, or equivalent
• 7+ years of experience in cyber incident detection, threat hunting, or security operations
• Experience with vehicle security, automotive architectures, or embedded security telemetry
• Experience supporting manufacturing or OT security environments
• Experience with application security, runtime and application telemetry, CI/CD pipelines, and API abuse detection
• Experience leading security projects and incident response initiatives
• Malware analysis

Relocation benefits may be eligible