Cyber Security Specialist
Role details
Job description
We are seeking a highly motivated and experienced Cyber Security Specialist to support swing and night shift operations within our 100% remote 24/7/365 Security Operations Center (SOC). You will monitor, analyze, investigate, and respond to threats across hybrid cloud and on-prem environments. This role is ideal for analysts with a strong investigative mindset, technical depth, and a passion for continuous learning.
- Perform advanced EDR analysis, including alert triage, threat detection, behavioral rule tuning, IOC investigation, and endpoint telemetry enrichment.
- Support EDR platform administration by managing agent health and deployment, maintaining integration with the SIEM and other telemetry pipelines, coordinating policy updates, and partnering with SysAdmins to troubleshoot endpoint and infrastructure-level issues affecting EDR visibility.
- Conduct digital forensics during incident response by acquiring, preserving, and analyzing endpoint artifacts (e.g., memory, disk, registry, logs); assist with root cause analysis and ensure forensic evidence is collected and handled in accordance with legal and procedural requirements.
- Provide engineering-focused support on SOC architecture improvements to increase visibility, data fidelity, and detection capabilities across hybrid environments.
- Perform threat detection, log analysis, and anomaly identification across on-premises and cloud workloads (AWS preferred).
- Conduct initial incident response and assist with investigations into malware, phishing, lateral movement, privilege misuse, and data exfiltration.
- Apply threat intelligence to enrich alerts and uncover TTPs using the MITRE ATT&CK framework.
- Document investigative steps and evidence in the case management system and escalate incidents per SOPs.
- Participate in threat hunting missions based on hypotheses, intel feeds, and environmental knowledge.
- Collaborate with engineering, system administrators, and cyber stakeholders to contain and remediate threats.
- Support compliance efforts by ensuring audit trails, access logs, and investigative artifacts are collected and preserved.
- Stay current with emerging threats, vulnerabilities, and TTPs targeting cloud and hybrid infrastructures.
- Maintain situational awareness through active monitoring of CTI sources, advisories, and vulnerability disclosures.
Requirements
- 5 years of experience with a Bachelor's degree, or 9 years with a high school diploma/equivalent
- Familiarity with compliance and audit frameworks: NIST CSF, NIST SP 800-53, OMB M-21-31, CIS Benchmarks, STIGs
- Knowledge of vulnerability scanning tools (e.g., Tenable Nessus) and CVE exposure analysis
- Experience collaborating with cyber threat intelligence and/or red teams
- Experience in digital forensics, malware analysis, or purple team operations
- Experience with Case Management System (e.g., ServiceNow)
- Experience with SIEM (e.g., Splunk)
- Experience using SOAR platforms for alert triage and response automation
- Solid understanding of Windows and Linux operating system internals and log analysis
- Strong grasp of network protocols, TCP/IP, and common attack vectors
- Familiarity with scripting (e.g., PowerShell, Python, Bash) and automation workflows
- Experience with threat hunting, IOC analysis, or MITRE ATT&CK-based detection
- Understanding of identity and access management (IAM) risks in cloud environments
- Experience improving SOC processes, detection logic, architecture, or playbooks
- Ability to communicate findings clearly, verbally and in writing, to technical and non-technical audiences
- Must be a U.S. Citizen
- Must be able to obtain and maintain the required agency clearance (active Public Trust)