
Threat Management Specialist; Tier 2

Job in Reston, Fairfax County, Virginia, 22090, USA
Listing for: PlanIT Group, LLC
Full Time position
Listed on 2026-01-15
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 60,000 - 80,000 USD yearly
Job Description & How to Apply Below
Position: Threat Management Specialist (Tier 2)

Position Details

  • Position 1 – Hours: 3:30 pm to 11:30 pm ET; Days off: Tuesday and Wednesday
  • Position 2 – Hours: 11:30 pm to 7:30 am ET; Days off: Saturday and Sunday

The Tier 2 Analysts perform deep‑dive incident analysis by correlating data from various sources and determining whether a critical system or data set has been affected. They handle incidents as defined in playbooks and SOPs, advise on remediation actions, and provide input on how to leverage AI, ML, and SOAR capabilities to improve CSOC efficiency and accuracy.

Key Responsibilities
  • Identify cybersecurity problems that may require mitigating controls
  • Analyze network traffic to detect exploit or intrusion attempts
  • Recommend detection mechanisms for exploit and intrusion attempts
  • Provide subject‑matter expertise on network‑based attacks and intrusion methodologies
  • Escalate items requiring further investigation to other members of the Threat Management team
  • Execute operational processes to support response efforts to identified security incidents
  • Utilize AI/ML‑based tools and techniques to detect anomalies, automate incident triage, and improve threat intelligence
  • Perform threat intelligence analysis to assess risk and adapt defenses using ML‑enhanced tools
  • Manage email security using ProofPoint, monitor for threats, and respond promptly to attacks
  • Configure Splunk for log analysis, create alerts, and investigate security incidents
  • Set up Firepower for network monitoring, analyze traffic patterns, and enforce security measures
  • Deploy SentinelOne agents, monitor alerts, and conduct security assessments
  • Monitor, review, and respond to security alerts across Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Azure Entra, and Google Cloud SCC
  • Detect and analyze threats, investigate suspicious activity, coordinate incident response, and implement remediation actions
  • Tune security policies, maintain visibility in cloud and endpoint environments, and support continuous improvement of the security posture
  • Stay current on the latest cybersecurity trends, threat actors, and AI/ML research
  • Identify and support automation use cases, including AI/ML to enhance SOC capabilities
  • Collaborate across Operations to provide SOC enhancement through automation and AI
Qualification Requirements
  • 3+ years IT security experience with exposure to AI/ML projects
  • 2+ years experience in network traffic analysis
  • Strong working knowledge of Boolean logic, TCP/IP fundamentals, network‑level exploits, threat management, and control frameworks
  • Excellent oral and written communication and interpersonal skills
  • Strong understanding of IDS/IPS technologies, architectures, and signature creation
  • Experience with cloud security (AWS, Azure, GCP)
  • Hands‑on experience with cybersecurity automation (e.g., SOAR platforms)
  • Proficiency in using machine‑learning frameworks for anomaly detection, threat intelligence, and behavioral analysis in cybersecurity
  • Skills in data analysis and feature engineering for large datasets (logs, network traffic)
  • Familiarity with AI/ML techniques in cybersecurity and evaluation of AI/ML solutions in a SOC environment
  • Experience identifying and implementing automation use cases
Experience
  • 8–12 years relevant experience
  • Degree from an accredited college or university in the applicable field; if not, an additional 4 years of related experience is required
  • Independently performs functional duties
  • Relevant certifications desired (GIAC Certified Enterprise Defender, GIAC Security Essentials, CISSP, SSCP)
Seniority Level
  • Mid‑Senior level
Employment Type
  • Contract
Job Function
  • Other
Industries
  • Defense and Space Manufacturing, Software Development, and Armed Forces