Cybersecurity Analyst

Benefits

• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Paid time off
• Vision insurance

The Cybersecurity Analyst is the front-line defender for multiple client environments. This critical role is responsible for the 24/7 detection, triage, investigation, and coordinated response to security threats and incidents across a diverse portfolio of client systems and networks. In addition to operational defense, the Analyst plays a key part in security reporting and supporting client audit requirements, ensuring transparency and compliance across all managed services.

• Vigilant monitoring, analyzing, initial triage, distinguishing false positives, and categorizing severity across a diverse client base.
• SIEM systems (e.g., Splunk, Microsoft Sentinel, Log Rhythm, or an MSP-specific solution). Candidates must be able to write queries, tune alerts, and manage centralized logging for multi-tenant environments.
• Operating and maintaining and executing remote containment actions like isolating compromised systems.
• EDR platforms (e.g., Crowd Strike, Microsoft Defender for Endpoint, Sentinel One, or other industry leaders).
• Tracking remediation efforts, maintaining systems, and contributing to automation scripts.
• RMM platforms:
  Used for tracking remediation, managing client systems remotely, and patch management.
• Ticketing/Incident Management Platforms:
  Used for detailed documentation, managing the audit trail, and tracking SLAs (e.g., Connect Wise Manage, Service Now, Autotask).
• Operating, maintaining, and applying immediate remediation steps like blocking malicious traffic.
• Firewalls (Next-Generation Firewalls like Palo Alto, Cisco, Fortinet) and a general understanding of network traffic analysis and associated security controls.
• Retrieving and reviewing security logs, generating evidence reports, and maintaining an audit trail.
• Strong proficiency in using SIEM and Log Management systems specifically to pull compliance-related data (e.g., for HIPAA, PCI DSS, SOC
  2).
• Monitoring scanning reports and prioritizing vulnerabilities.
• Familiarity with Vulnerability Scanners (e.g., Nessus, Qualys, Rapid7) and the ability to interpret their reports.

Must be able to lift 50 pounds, must be able to sit at a desk for long periods of time.

• CompTIA Security+
• (ISC)² Certified in Cybersecurity (CC)
• CompTIA Network+
• CompTIA Cybersecurity Analyst (CySA+)
• GIAC Security Essentials (GSEC)
• Cisco Certified Cyber Ops Associate
• Certified Ethical Hacker (CEH) - EC-Council
• Certified Information Systems Security Professional (CISSP) - (ISC)²
• GIAC Certified Incident Handler (GCIH)
• Certified Information Systems Auditor (CISA) - ISACA

Vigilantly monitor and analyze aggregated security events and alerts generated by our Security Information and Event Management (SIEM) system, specifically focusing on data from numerous clients.

Perform rapid, initial triage of security alerts to validate threats, categorize severity across the client base, and distinguish between false positives and genuine security incidents.

Operate and maintain security tooling—such as Endpoint Detection and Response (EDR), firewalls, and cloud security controls—across multi‑tenant environments, ensuring health and optimal configuration for all managed clients.

Maintain accurate and detailed documentation of all security events and incidents in the ticketing and incident management platform.

Execute coordinated incident response procedures for clients, including remote containment actions like isolating compromised systems, blocking malicious traffic, and applying immediate remediation steps.

Follow and contribute to the refinement of client‑specific security playbooks and Standard Operating Procedures (SOPs) designed to address common threats, ensuring compliance with client security standards and SLAs.

Escalate complex, high‑impact, or persistent threats to senior SOC staff and specialized security engineers for deep‑dive investigation and advanced threat hunting.

Gen…