The Mid-Level Cyber Defense Analyst uses defensive measures and information collected from a variety of sources to identify, analyze, and report vulnerabilities and malicious events. This role focuses on maintaining the integrity of our internal and cloud networks by conducting deep-dive analysis of security data, recognizing operational trends, and leading initial incident containment efforts.
Responsibilities:
- Investigate security alerts escalated by SOC Level 1 analysts.
- Perform deeper analysis of suspicious activity across SIEM, EDR, network, identity, cloud, and email security platforms.
- Validate whether security events represent false positives, suspicious behavior, policy violations, or confirmed cybersecurity incidents.
- Correlate events across multiple log sources to identify attack patterns, affected assets, compromised accounts, lateral movement, malware activity, or unauthorized access
- Determine the scope, severity, business impact, and urgency of security incidents
- Recommend containment, eradication, and remediation actions to the appropriate technical teams
- Create and maintain accurate incident timelines, investigation notes, evidence records, and escalation summaries
- Support phishing investigations, endpoint compromise analysis, suspicious login reviews, malware alerts, brute-force attacks, data exfiltration indicators, and cloud security events
- Review and improve SOC playbooks, investigation procedures, and escalation criteria.
- Provide technical guidance, coaching, and feedback to SOC Level 1 analysts
- Identify recurring false positives and recommend tuning improvements for SIEM, EDR, and other detection platforms
- Participate in post-incident reviews and provide recommendations to improve detection, response, and prevention
- Support shift handovers by documenting open incidents, pending actions, and important operation contexts
Requirements
- 2 to 4 years of experience in SOC operations, cybersecurity monitoring, incident response, security operations, network security, endpoint security, or infrastructure security
- Previous experience as a SOC Analyst L1 or equivalent role
- Experience investigating real security alerts and documenting incident findings
- Practical knowledge of SIEM, EDR, identity logs, firewall logs, email security alerts, and endpoint events
- Experience escalating incidents and recommending remediation actions
- Preferred Certifications: CompTIA CySA+, Blue Team Level 1 / BTL1, Blue Team Level 2 / BTL2, Microsoft AZ-500, CompTIA Security+, CompTIA Network+, Cisco CCNA, Fortinet FCP / NSE, Microsoft AZ-500, as a plus for cloud/security environments, eCIR
- Language: English C1 is required
