Security Analyst

The Security Analyst II is responsible for day-to-day cybersecurity operations, including monitoring alerts, investigating incidents, validating endpoint hygiene, and ensuring timely execution of remediation plans. The role serves as a tactical executor under the direction of the Senior Manager, Cybersecurity and in coordination with the SOC and Infrastructure teams. Ideal candidates are those with solid hands-on experience in endpoint security, log triage, DLP monitoring, and vulnerability management.

• Security Event Monitoring & Response:
  • Monitor alerts from EDR (Crowdstrike), DLP (Google Workspace), and other SIEM sources; investigate and escalate validated events.
  • Coordinate with Managed SOC for Level 1/2 triage, assist in root cause validation, and track incidents to closure.
  • Participate in incident response processes, including evidence collection, analysis, and response documentation.

• Endpoint & Device Visibility:
  • Continuously monitor CS and MEDC installation status, highlighting assets lacking endpoint visibility.
  • Conduct hygiene validation exercises against endpoint baseline (e.g. Crowdstrike health, GWS login telemetry, etc).
  • Work with IT Service Operations to address untagged, unmonitored, or misconfigured devices.

• Vulnerability & Patch Coordination:
  • Review scan results (e.g., Tenable.io) for high/critical findings and follow up with Infra and IT Ops for remediation status.
  • Support prioritization of vulnerabilities based on asset classification and exposure.
  • Participate in monthly patch and remediation governance tracking.

• DLP Operations & Enforcement:
  • Investigate DLP rule violations, verify false positives, and escalate breaches aligned to Data Classification policy.
  • Maintain documentation on DLP cases and support tuning of policies with the Cloud Security Engineering team.
  • Support Falcon Data Protection rollout testing (PoC) and feedback loop.

• Reporting, Compliance & Audit Support:
  • Maintain operational metrics related to endpoint coverage, DLP alerts, and vulnerability remediation.
  • Support audit activities requiring endpoint agent matching, asset traceability, and license reconciliation.
  • Assist with monthly/quarterly reporting to Cybersecurity GRC and CTO functions for ongoing governance reviews.

• Education: Bachelor’s degree in Cybersecurity, Information Technology, or a related discipline.
• Experience: 2–4 years’ experience in a SOC, IT security operations, or security analyst capacity. Proven experience handling EDR, SIEM, DLP, or VA tools in a mid-size or enterprise organization.
• Technical Skills:
  • Familiarity with endpoint protection platforms (e.g., Crowdstrike, Carbon Black, SentinelOne).
  • Exposure to vulnerability management tools (e.g., Tenable, Qualys) and patching workflows.
  • Working knowledge of DLP controls in Google Workspace or Microsoft 365 environments.
  • Ability to interpret alerts, analyze logs, and investigate user or system behavior anomalies.
• Certifications (Preferred):
  • CompTIA Security+, Crowdstrike Certified Falcon Administrator (CCFA), Google Workspace Security Admin, or equivalent.
• Soft Skills:
  • Effective communication and collaboration skills for working with diverse teams and third-party vendors.
  • Adaptable to changing priorities and able to manage workload independently.

• Operational Rigor – Structured and process-driven approach to handling incidents and tasks.
• Analytical Thinking – Strong diagnostic skills and an investigative mindset for incident triage.
• Communication – Able to write clear incident summaries and collaborate across teams effectively.
• Accountability – Owns assigned alerts, tasks, and follow-ups until closure.
• Continuous Learning – Seeks to stay updated with new threats, tools, and defensive techniques.