Cybersecurity Analyst / Engineer

Posted Today by 1764270289

Negotiable
Outside
Remote
USA

Summary: The Cybersecurity Analyst/Engineer (Tier 3) role requires an expert in cybersecurity alert triage and incident response, with a strong focus on threat detection techniques and vulnerability management. The candidate will manage enterprise security platforms, lead email security operations, and mentor junior staff while ensuring the security of IT and cloud environments. Mastery of NIST guidelines and the MITRE ATT&CK framework is essential for success in this position. The role emphasizes hands-on expertise and leadership in cybersecurity practices.

Key Responsibilities:

  • Implement and maintain cybersecurity tools and platforms across the enterprise, including extended endpoint detection and response (XDR), email security systems, and cloud security solutions.
  • Lead and manage the enterprise Vulnerability Management Program, coordinating with infrastructure and application teams to drive timely remediation.
  • Monitor and analyze cybersecurity alerts; lead response activities and investigations following NIST 800-61 incident response lifecycle.
  • Develop and maintain correlation rules to improve threat detection, reduce false positives, and ensure timely alerting to Tier 1 analysts.
  • Own the email security ecosystem, including administration of tools and enforcement of DMARC policies.
  • Administer and maintain the enterprise email security gateway, ensuring secure, timely, and reliable delivery of all inbound and outbound email communications.
  • Perform advanced threat hunting and cyber risk mitigation using IOCs (Indicators of Compromise), BIOCs (Behavioral Indicators of Compromise), and known TTPs (Tactics, Techniques, and Procedures).
  • Develop and maintain PowerShell scripts to automate routine tasks, streamline security.
  • Strong experience with Windows Server and Desktop OS, Office 365, and Microsoft Azure.
  • Proven expertise managing endpoint detection and response (EDR/XDR) platforms.
  • Experience building SIEM correlation rules and detection content.
  • In-depth knowledge of email security technologies, SPF, DKIM, DMARC, and general email infrastructure.
  • Strong understanding of vulnerability scanning tools and coordinating remediation activities.
  • Experience with Cortex XDR, Microsoft Defender Suite, Proofpoint Email Security Gateway and related tools, and Rapid7 is a plus.
  • Exposure to scripting (e.g., PowerShell, Python) to automate tasks and improve detection capabilities.
  • Familiarity with Zero Trust architecture and cloud security posture management.
  • Knowledge of Operational Technology (OT) security concepts and architectures, including familiarity with the Purdue Model.

Key Skills:

  • Mastery-level knowledge of cybersecurity alert triage and incident response.
  • Expertise in threat detection techniques based on the MITRE ATT&CK framework.
  • Hands-on experience with enterprise security platforms and vulnerability management.
  • Strong understanding of NIST guidelines and incident response lifecycle.
  • Proficiency in PowerShell scripting and automation.
  • Experience with email security technologies and policies (SPF, DKIM, DMARC).
  • Knowledge of vulnerability scanning tools and remediation processes.
  • Familiarity with cloud security and Zero Trust architecture.
  • Exposure to Operational Technology (OT) security concepts.

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:
Job Title: Cybersecurity Analyst/Engineer (Tier 3)

Job Summary

The ideal candidate will possess mastery-level knowledge of cybersecurity alert triage and of incident response aligned with NIST guidelines, and will be well-versed in threat detection techniques based on the MITRE ATT&CK framework. This role requires hands-on expertise in managing enterprise security platforms, owning the vulnerability management lifecycle, and leading email security operations.
The successful candidate will lead security event response and act as a subject matter expert for the broader team. They will provide mentorship to junior staff and serve as a critical resource in securing enterprise IT and cloud environments.

Key Responsibilities

* Implement and maintain cybersecurity tools and platforms across the enterprise, including extended endpoint detection and response (XDR), email security systems, and cloud security solutions.
* Lead and manage the enterprise Vulnerability Management Program, coordinating with infrastructure and application teams to drive timely remediation.
* Monitor and analyze cybersecurity alerts; lead response activities and investigations following NIST 800-61 incident response lifecycle.
* Develop and maintain correlation rules to improve threat detection, reduce false positives, and ensure timely alerting to Tier 1 analysts.
* Own the email security ecosystem, including administration of tools and enforcement of DMARC policies.
* Administer and maintain the enterprise email security gateway, ensuring secure, timely, and reliable delivery of all inbound and outbound email communications.
* Perform advanced threat hunting and cyber risk mitigation using IOCs (Indicators of Compromise), BIOCs (Behavioral Indicators of Compromise), and known TTPs (Tactics, Techniques, and Procedures).
* Develop and maintain PowerShell scripts to automate routine tasks, streamline security.
* Strong experience with Windows Server and Desktop OS, Office 365, and Microsoft Azure.
* Proven expertise managing endpoint detection and response (EDR/XDR) platforms.
* Experience building SIEM correlation rules and detection content.
* In-depth knowledge of email security technologies, SPF, DKIM, DMARC, and general email infrastructure.
* Strong understanding of vulnerability scanning tools and coordinating remediation activities.
* Experience with Cortex XDR, Microsoft Defender Suite, Proofpoint Email Security Gateway and related tools, and Rapid7 is a plus.
* Exposure to scripting (e.g., PowerShell, Python) to automate tasks and improve detection capabilities.
* Familiarity with Zero Trust architecture and cloud security posture management.
* Knowledge of Operational Technology (OT) security concepts and architectures, including familiarity with the Purdue Model.