ARUP Laboratories

IT Information Security Analyst IV

full-time

Location Type: Remote

Location: United States

Salary

💰 $112,028 - $168,022 per year

About the role

  • Lead threat monitoring activities to detect and analyze complex security incidents using SIEM tools, IDS/IPS, EDR, and other advanced security platforms.
  • Triage, investigate, and respond to security incidents in accordance with established procedures, including containment, eradication, and recovery.
  • Analyze logs from firewalls, IDS/IPS, endpoint protection platforms, SIEM, and other sources to detect and assess security events.
  • Direct and manage incident response actions, from identification through containment, eradication, and recovery.
  • Participate in on-call as required to ensure 24/7 monitoring and response coverage.
  • Document investigations, actions taken, and outcomes in case management systems with accuracy and clarity.
  • Collaborate with SOC analysts, IT teams, and other departments (quality, compliance, legal, finance, executive) to resolve incidents, share threat intelligence, and support audits or legal holds.
  • Follow and contribute to the improvement of SOC playbooks, workflows, and standard operating procedures.
  • Identify, test, implement, and administer technologies that protect the organization’s information infrastructure.
  • Track, monitor, and report on key performance indicators (KPIs) and metrics (such as MTTD and MTTR) to measure the effectiveness of security operations and drive continuous improvement.
  • Perform periodic risk assessments, security reviews, and audits to ensure regulatory and security requirements are met; assist with remediation planning and follow-up.
  • Support malware analysis, containment efforts, and forensic investigations as directed, including responding to security emergencies during and after business hours.
  • Participate in ongoing corporate information security awareness training, notifications, and updates.
  • Communicate findings and recommendations clearly to technical and non-technical stakeholders.
  • Maintain confidentiality and integrity of sensitive information encountered during investigations.
  • Stay current with emerging threats, attack techniques, regulatory requirements (e.g., HIPAA, PCI), and security technologies through continuous learning and training.
  • Assist in the implementation, maintenance, and improvement of the organization-wide information security program.
  • Perform project leadership tasks on select security projects as assigned.
  • Provide guidance, training, and mentorship to junior and mid-level analysts, fostering a culture of continuous improvement and knowledge sharing within the team.
  • Lead IR efforts.
  • Perform other duties as assigned.

Requirements

  • Bachelor’s degree in information security, information systems, or related field and six (6) years of applicable work experience OR Associate degree and eight (8) years of applicable work experience OR High School diploma and ten (10) years of applicable work experience
  • Experience supporting desktop and server OS devices
  • One or more high-level certifications in information security (e.g., CISSP, GIAC, OSCP, CASP+)
  • Preferred Experience with PCI, NIST, and CIS regulatory requirements, risk assessments, and required controls
  • Additional high-level security certificates (OSCP, CEH, CASP+)
  • Intermediate understanding of network, server, storage, database, and desktop operations and interrelationships
  • Experience with HIPAA/HITECH regulatory requirements, risk assessments, and required controls
  • Experience implementing and administering systems such as SIEM, Anti-Virus, MFA, Threat Hunting, Detection Engineering, SOAR, etc.

Applicant Tracking System Keywords

Hard skills
threat monitoring, incident response, log analysis, malware analysis, risk assessments, security reviews, forensic investigations, security operations, detection engineering, threat hunting
Soft skills
communication, collaboration, leadership, mentorship, problem-solving, attention to detail, continuous improvement, training, documentation, project management
Certifications
CISSP, GIAC, OSCP, CASP+, CEH