BeyondTrust

Cyber Defense Analyst

Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.

Posted 4/21/2026 · Full-time · Remote · 🇮🇱 Israel · Junior / Mid-Level · Website

Tech Stack

Tools & technologies
  • Cloud

About the role

Key responsibilities & impact
  • Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.
  • Investigate alerts to determine scope, severity, and whether escalation is warranted.
  • Leverage AI-assisted triage and enrichment tools to accelerate analysis and reduce mean time to detect.
  • Classify, document, and track alerts through the full lifecycle using ticketing and case management systems.
  • Participate in or lead incident response engagements from detection through remediation, including evidence collection, forensic analysis, root cause determination, and stakeholder communication.
  • Conduct investigations across SIEM, EDR, CSPM, and cloud-native log sources including identity provider logs, cloud audit trails, and network flow data—spanning both corporate and product infrastructure.
  • Execute established IR runbooks across identity, endpoint, cloud, and email investigation workflows.
  • Manage or assist with evidence handling, forensic artifact collection, and chain-of-custody procedures.
  • Produce clear, decision-ready incident summaries and post-incident reports for both technical and leadership audiences.
  • Contribute to the design, implementation, and tuning of detection rules across SIEM and EDR platforms, with a focus on reducing false positives and closing coverage gaps.
  • Translate threat intelligence (CVE advisories, CISA alerts, vendor bulletins, open-source feeds) into actionable detection content, with particular attention to threats targeting privileged access tooling and supply chain attack vectors.
  • Use AI-driven tools for alert triage, enrichment, and investigation as a standard part of daily operations.
  • Contribute to the evaluation, integration, and optimization of AI and automation capabilities across the team’s workflows.
  • Assist in designing prompts, agent workflows, or LLM-based pipelines that augment analyst capabilities and reduce manual effort.
  • Maintain daily operational notes and shift handoff documentation.
  • Contribute to and refine IR runbooks, playbooks, and standard operating procedures.
  • Participate in on-call rotation for after-hours incident escalation.

Requirements

What you’ll need
  • 2+ years of experience in a SOC, security operations, or incident response role.
  • Understanding of common attack frameworks (MITRE ATT&CK), network protocols, and endpoint behavior.
  • Experience with at least one SIEM platform and familiarity with writing search or detection queries.
  • Familiarity with EDR platforms and cloud environments (IaaS preferred).
  • Comfort using AI systems (e.g., LLM-based assistants, copilots, or AI-driven analysis tools) as part of security workflows.
  • Strong written communication skills; able to document findings clearly and concisely for both technical and non-technical audiences.

Benefits

Comp & perks
  • Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.
  • We take care of our employees so they can take care of our customers.

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
  • SIEM
  • EDR
  • CSPM
  • incident response
  • forensic analysis
  • threat intelligence
  • detection rules
  • network protocols
  • attack frameworks
  • search queries

Soft Skills
  • written communication
  • stakeholder communication
  • documentation
  • team collaboration
  • incident summarization