Description:
The Senior Security Analyst – Security Operations is responsible for operating, maturing, and continuously improving core cyber defense and detection capabilities across the enterprise. This role has a strong focus on Vulnerability Management, Endpoint Detection & Response (EDR), Network Detection & Response (NDR), and day‑to‑day Security Operations.
The incumbent will act as a senior technical resource within the SOC, providing advanced analysis, threat-driven prioritization, and operational leadership across security monitoring, incident response, vulnerability remediation, and control effectiveness measurement. The role directly contributes to improving the organization’s cyber risk posture, with measurable outcomes reflected in Security Risk Index (SRI) and other governance metrics aligned to NIST and ISO frameworks.
After-hours support and on-call duties may be required for high-severity security incidents.
Position Responsibilities:
Vulnerability Management
- Own and operate the enterprise vulnerability management lifecycle, including discovery, assessment, prioritization, remediation tracking, and risk acceptance
- Correlate vulnerability data with asset criticality, exploitability, threat intelligence, and exposure to drive risk-based remediation
- Track remediation SLAs and escalate overdue or accepted risks through appropriate governance channels
- Support internal and external audit evidence for vulnerability management controls
- Contribute vulnerability metrics to executive and risk committee reporting (e.g., SRI/NSRI)
Security Operations & Incident Response
- Act as a senior escalation point for security incidents, providing deep technical analysis, containment guidance, and remediation recommendations
- Lead investigation of alerts generated by EDR, NDR, SIEM, and security analytics platforms
- Coordinate incident response activities across IT Infrastructure, Network, Cloud, and Application teams
- Develop and maintain incident response playbooks, runbooks, and escalation procedures
- Support post‑incident reviews, root cause analysis, and lessons learned tracking
Endpoint Detection & Response (EDR)
- Operate and tune EDR platforms to improve detection fidelity, reduce false positives, and enhance response effectiveness
- Analyze endpoint telemetry for indicators of compromise (IOC), anomalous behavior, and threat actor activity
- Support endpoint containment actions such as process isolation, host quarantine, and forensic data collection
- Partner with IT Operations to ensure EDR coverage, health, and policy compliance across endpoints
Network Detection & Response (NDR)
- Operate and maintain NDR capabilities, including alert triage, investigation, and threat hunting
- Analyze network traffic, metadata, and behavior-based detections to identify lateral movement, command-and-control activity, and policy violations
- Collaborate with Network teams to validate detections and improve network security controls and segmentation
- Use NDR telemetry to validate network segmentation effectiveness and control gaps
Threat Detection & Threat Hunting
- Perform proactive threat hunting using EDR, NDR, SIEM, and log analytics platforms
- Apply MITRE ATT&CK–aligned techniques to identify stealthy or low-signal threats
- Integrate external threat intelligence into detection and hunting activities
- Recommend detection engineering improvements to SOC tooling and analytics
Metrics, Risk & Compliance
- Define and maintain security operations KPIs and KRIs (incident trends, MTTR, vulnerability aging, control coverage)
- Contribute to Security Risk Index (SRI) calculations and continuous improvement initiatives
- Ensure alignment with NIST CSF, ISO 27001/27002, and internal security standards
- Support audits by providing defensible evidence of control operation and effectiveness
Continuous Improvement & Leadership
- Mentor junior analysts and provide technical guidance within the SOC
- Identify opportunities to improve automation, orchestration, and response workflows
- Participate in security architecture reviews and technology evaluations related to detection and response
- Contribute to the development of security standards, procedures, and operational playbooks