Deepwatch

Security Analyst II – Weekends, Days

full-time

Location Type: Hybrid

Location: Tampa, Florida, United States

Salary

💰 $77,500 - $97,500 per year

About the role

  • Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS
  • Provide in-depth analysis of escalated requests originating from Security Analyst I
  • Validate suspicious events by performing investigations using SIEM and SOAR technologies, leveraging Deepwatch proprietary tooling, intelligence and OSINT, TTPs and IOCs
  • Identify gaps in customer environments, data ingested or configuration errors which reduce telemetry quality
  • Work with customer and leadership to surface and resolve concerns
  • Provide support to Security Analyst I including coaching and training as necessary
  • Leverage your knowledge of Alert Triage, SOC Operations, and Defense in Depth (DiD) to contribute to projects for overall customer success
  • Produce high-quality written and verbal communications, recommendations, and findings to customer management in a timely manner
  • Surface opportunities for improvement in the SOC and for the customer and be a change agent for measurably improving our customer security posture and experience
  • Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program

Requirements

  • Have a strong understanding of cyber security principles, concepts and practices, including the ability to perform a complete and thorough incident investigation and triage with limited support from Analyst IIIs
  • Know your way around SIEM platforms (Splunk, Google SecOps or Microsoft Sentinel preferred), how to perform queries and leverage various log sources to perform investigations
  • Operate autonomously requiring minimal support on investigative actions
  • Competency with in-depth header analysis, hashes and Windows/macOS/Linux logs
  • Demonstrate the ability to pivot to other log sources, cloud systems or consoles to perform a comprehensive analysis from multiple data sources
  • Have a basic understanding of modern EDR, email security and cloud identity platforms
  • A desire to support others and uplift the program and team through updating training materials and SOPs
  • Strong written and verbal communication skills, including the ability to write reports and analysis that are thorough, accurate and complete
  • Provide the customer with a complete understanding of the investigation
  • Sec+, CySA, CEH, GSEC, or equivalent certification preferred.

Benefits

  • Medical, dental, vision, and disability insurance
  • Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
  • Unique professional development benefits, with annual “development dollars” to support our people's growth and development
  • Wellness contests and monthly educational programs
  • 401(K) retirement program

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • incident handling
  • cyber security principles
  • incident investigation
  • alert triage
  • header analysis
  • log analysis
  • EDR
  • email security
  • cloud identity platforms
  • telemetry quality

Soft Skills

  • coaching
  • training
  • communication
  • problem-solving
  • change agent
  • team support
  • analytical thinking
  • customer service
  • report writing
  • collaboration

Certifications

  • Sec+
  • CySA
  • CEH
  • GSEC