CloudWave, Healthcare IT Solutions

CyberSecurity Analyst I

CloudWave, Healthcare IT Solutions  •  Remote  •  1 month ago

Job Description

The Cybersecurity Analyst provides continuous monitoring services for CloudWave’s Managed Security Services (MSS) program. The analyst is responsible for analyzing events from a wide array of data sources including client devices, network sensors, endpoint protection software, and authentication services. Working from the Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms, the analyst will manage security alerts leveraging automation to address potential security incidents and optimize response times while actively responding to threats.

This role requires strong technical and analytical skills, and the ability to investigate and mitigate security challenges in a fast-paced Security Operations Center (SOC) environment. Analysts will work closely with playbooks, threat intelligence, and malware analysis to provide proactive and reactive security strategies, helping to safeguard critical infrastructure. This individual may also engage in data analysis/reporting, vulnerability assessments, and collaborate directly with clients remotely.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Monitor and manage security events from the SIEM/SOAR platform, identifying security incidents and responding in real-time to cyber threats against client infrastructure.
  • Escalate incidents according to defined protocols, providing detailed documentation and updates to all relevant stakeholders.
  • Use automation playbooks to streamline detection, investigation, and response to security events, ensuring rapid and accurate threat mitigation.
  • Conduct malware analysis, utilizing threat intelligence feeds to understand and assess risks associated with detected anomalies.
  • Investigate security incidents using advanced detection tools and network sensors, and perform in-depth troubleshooting to resolve security-related issues.
  • Develop and apply threat intelligence to improve incident detection capabilities and to fine-tune SIEM/SOAR rules and playbooks.
  • Provide expert recommendations for security policies, modify client device configurations, and implement best practice security strategies in collaboration with the client.
  • Perform vulnerability assessments to identify and remediate security gaps, ensuring that clients maintain a secure environment.
  • Utilize advanced tools and testing equipment, including protocol analyzers, packet capture tools, and anomaly detection systems, to investigate complex security events.
  • Proactively engage in continuous improvement of detection rules, incident response strategies, and automation workflows within the SOAR platform.
  • Provide excellent customer service, responding to inbound security-related calls and requests while creating tickets, managing user inquiries, and handling security complaints efficiently.
  • Maintain clear and concise documentation of all incidents, security changes, and ongoing activities to ensure compliance with internal and client reporting standards.
  • Ensure the client and internal teams implement best practice security policies that address business needs while protecting vital corporate assets.
  • This position requires the ability to work independently with minimal supervision, handle multiple tasks simultaneously, and make critical decisions under pressure, knowing that decisions impact both networks and users.

FUNCTIONAL/TECHNICAL SKILLS:

  • Experience with SIEM/SOAR platforms and the ability to configure and manage playbooks for security automation and response.
  • Strong technical background in network security including intrusion detection/prevention and incident response.
  • Knowledge of threat intelligence platforms and experience applying threat intelligence to enhance detection capabilities.
  • Experience in malware analysis to understand threats and to mitigate risks during incident response.
  • Understanding of network topologies, routers, firewalls, VPNs, and IDS/IPS technologies.
  • Familiarity with security applications such as anomaly detection tools, VPN technology, and ticketing systems.
  • Strong understanding of network management and troubleshooting tools, including protocol analyzers, packet capture, and LAN/WAN sniffers.
  • Ability to interpret network diagrams and troubleshoot complex security issues across multiple environments.
  • Ability to interpret scripting or query languages including but not limited to Bash, PowerShell, Python, Perl, SQL, SPL, KQL, YARA, GoLang, or similar.
  • Familiarity with Unix and Windows operating systems.
  • Familiarity with security processes in incident management, fault management, and problem management.
  • Desire to perform advanced cybersecurity research and proactively stay ahead of emerging threats.
  • Demonstrated passion for continuous learning and self-improvement within the field of cybersecurity.

QUALIFICATIONS:

  • Strong interpersonal and customer service skills to effectively communicate with clients and team members.
  • Proven ability to work under pressure in a fast-paced environment while handling multiple tasks with discipline and attention to detail.
  • Relevant security certifications (e.g., CISSP, CEH, GSEC) are highly desirable, but not required.

About CloudWave, Healthcare IT Solutions

CloudWave is a full-service cybersecurity and cloud services provider built exclusively for healthcare. The company protects community hospitals and health systems, as well as specialty healthcare providers, with end-to-end solutions that combine secure hosting, IT operations, and 24/7 threat detection and response.

With deep experience in cybersecurity, healthcare IT, and infrastructure, CloudWave supports over 350 hospitals and health system environments, hosting more than 140 EHR, clinical, and enterprise applications across private, public, and hybrid cloud environments. CloudWave’s services span managed security, risk and compliance, disaster recovery, systems management, and cloud optimization—all delivered with a healthcare-first mindset. Powered by AI-driven security operations and supported by U.S.-based Network and Cybersecurity Tactical Operations Centers staffed 24/7 by certified professionals who understand the clinical and operational realities of healthcare, CloudWave provides a cyber-ready foundation for safe, uninterrupted patient care.

What We Deliver

• 24/7 Cybersecurity Monitoring: Real-time protection through our U.S.-based Cybersecurity Tactical Operations Center (CTOC)

• AI-Powered Threat Detection: Integrated with Google SecOps for intelligent detection and rapid response

• Security & Compliance Advisory: Our team delivers healthcare-specific risk and compliance services—including audits, assessments, and strategic guidance aligned with HIPAA, HITECH, and NIST frameworks.

• Healthcare-Optimized Cloud Hosting: Scalable, secure hosting for EHRs, clinical applications, and enterprise systems

• Medical Device & Endpoint Security: Protecting one of the most vulnerable and overlooked attack surfaces in healthcare

CloudWave is built for healthcare, secured by experts. Whether enabling business continuity, securing endpoints, or supporting audits, CloudWave protects every layer of your digital healthcare ecosystem.

To learn more, visit www.gocloudwave.

Industry: IT & Software
Company Size: 51-200 employees
Headquarters: Marlborough, MA
Year Founded: 1991