Cyber Security Specialist

Seneca Resources • United States
Remote

Job Description

Summary:

We are seeking a highly motivated and experienced Cyber Security Specialist to support swing and night shift operations within our 100% remote 24/7/365 Security Operations Center (SOC). You will monitor, analyze, investigate, and respond to threats across hybrid cloud and on-prem environments. This role is ideal for analysts with a strong investigative mindset, technical depth, and a passion for continuous learning.

NIGHT SHIFT

Job Responsibilities:

• Perform advanced EDR analysis, including alert triage, threat detection, behavioral rule tuning, IOC investigation, and endpoint telemetry enrichment.

• Support EDR platform administration by managing agent health and deployment, maintaining integration with SIEM and other telemetry pipelines, coordinating policy updates, and partnering with SysAdmins to troubleshoot endpoint and infrastructure-level issues affecting EDR visibility.

• Conduct digital forensics during incident response by acquiring, preserving, and analyzing endpoint artifacts (e.g., memory, disk, registry, logs); assist with root cause analysis and ensure forensic evidence is handled in accordance with legal and procedural requirements.

• Provide engineering-focused support on SOC architecture improvements to increase visibility, data fidelity, and detection capabilities across hybrid environments.

• Perform threat detection, log analysis, and anomaly identification across on-premises and cloud workloads (AWS preferred).

• Conduct initial incident response and assist with investigations into malware, phishing, lateral movement, privilege misuse, and data exfiltration.

• Apply threat intelligence to enrich alerts and uncover TTPs using the MITRE ATT&CK framework.

• Document investigative steps and evidence in the case management system and escalate incidents per SOPs.

• Participate in threat hunting missions based on hypotheses, intel feeds, and environmental knowledge.

• Collaborate with engineering, system administrators, and cyber stakeholders to contain and remediate threats.

• Support compliance efforts by ensuring audit trails, access logs, and investigative artifacts are collected and preserved.

• Stay current with emerging threats, vulnerabilities, and TTPs targeting cloud and hybrid infrastructures.

• Maintain situational awareness through active monitoring of CTI sources, advisories, and vulnerability disclosures.

• Provide summary reports and handoff briefings at the end of each shift.

Skills:

• Familiarity with compliance and audit frameworks: NIST CSF, 800-53, OMB M-21-31, CIS Benchmarks, STIGs

• Knowledge of vulnerability scanning tools (e.g., Tenable Nessus) and CVE exposure analysis

• Experience collaborating with cyber threat intelligence and/or red teams

• Experience in digital forensics, malware analysis, or purple team operations

• Experience with Case Management System (e.g., ServiceNow)

• Experience with SIEM (e.g., Splunk)

• Experience using SOAR platforms for alert triage and response automation

• Solid understanding of Windows and Linux operating system internals and log analysis

• Strong grasp of network protocols, TCP/IP, and common attack vectors

• Familiarity with scripting (e.g., PowerShell, Python, Bash) and automation workflows

• Experience with threat hunting, IOC analysis, or MITRE ATT&CK-based detection

• Understanding of identity and access management (IAM) risks in cloud environments

• Experience improving SOC processes, detection logic, architecture, or playbooks

• Ability to communicate findings clearly, verbally and in writing, to technical and non-technical audiences

• U.S. Citizen with active Public Trust or other government clearances

Education/Experience (Preference):

• Degree educated or equivalent, preferably in a computer science-related subject

• Security+, CySA+, CASP+, GCIH, GCIA, GCFA, GNFA, GDAT, CSA, CEH, or (ISC)² SSCP/CISSP

• 5-7 years' experience