Job Description

Key Responsibilities
• Monitor security alerts and events across SIEM, EDR, and cloud monitoring platforms to identify anomalous activity.
• Conduct initial triage and deep-dive analysis to determine event criticality, scope, and potential impact.
• Correlate threat data across systems (network, endpoint, identity, and cloud) to validate incidents and identify root cause.
• Escalate validated incidents to senior analysts or incident response teams with clear, well-documented evidence.
• Support proactive threat intelligence integration by tagging indicators of compromise (IOCs) and validating threat feeds.
• Maintain and update detection content (queries, dashboards, correlation rules) in collaboration with detection engineering teams.
• Document analysis results, incident narratives, and recommended containment steps in the case management system.
• Participate in shift handoffs, threat reviews, and team knowledge-sharing sessions.
• Contribute to process improvement efforts that enhance detection fidelity or reduce false positives.

Required Skills
• Solid understanding of cybersecurity fundamentals, network protocols, and threat actor behaviors.
• Experience with SIEM tools (e.g., Splunk, Sentinel, QRadar) and EDR platforms (e.g., Defender, CrowdStrike, Carbon Black).
• Familiarity with MITRE ATT&CK and the cyber kill chain model.
• Ability to analyze logs and telemetry to identify potential compromises.
• Competency in scripting or data query languages (KQL, Python, PowerShell, SQL) preferred.
• Strong analytical thinking and problem-solving ability.
• Excellent written and verbal communication skills with attention to detail.
• Ability to work collaboratively in a 24x7 global operations environment.

Qualifications
• Bachelor’s degree in Cybersecurity, Computer Science, or related field.
• 8–10 years of experience in security operations, threat analysis, or digital forensics.
• Relevant certifications preferred: CompTIA Security+, GSEC, GCIH, or similar.
• Familiarity with cloud environments (AWS, Azure, GCP) a plus.
• Proficient in written and spoken English.
Key Performance Indicators (KPIs)
Short-Term Outcomes (3–6 months)
• Achieve full proficiency with Yum’s security monitoring and incident management tools.
• Maintain >90% accuracy in incident triage and classification.
• Successfully document and escalate all confirmed incidents within SLA.
• Contribute one process or detection improvement based on triage findings.
Long-Term Outcomes (6–12+ months)
• Demonstrate measurable improvement in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
• Assist in the development or enhancement of at least two detection use cases or playbooks.
• Deliver quarterly summaries of threat trends or recurring patterns to inform detection strategy.
Functional Area KPIs
• Technical Delivery
• Maintain 100% compliance for case documentation standards.
• Validate and enrich at least 20% of threat intelligence indicators used in detection logic.
• Operational Efficiency
• Reduce false positives through improved triage accuracy and query refinement.
• Contribute to post-incident reviews and implement lessons learned in daily monitoring.
• People & Collaboration
• Maintain strong collaboration and communication with incident response and hunting teams.
• Participate in knowledge-sharing sessions or internal training activities each quarter.
Career Progression Path
This role progresses toward Senior Cyber Threat Analyst (Level 8) or Threat Hunter (Level 8), where the analyst assumes ownership of complex investigations, mentors peers, and contributes to detection content development and intelligence-driven hunting operations.

Bachelor’s degree in Cybersecurity, Computer Science, or related field.
• 8–10 years of experience in security operations, threat analysis, or digital forensics.