Monitor, analyze, and respond to security events across a diverse environment dominated by Mac and Linux systems, with supplementary Windows support. This role is central to maintaining organizational security through proactive threat detection and rapid incident resolution.
What You'll Do
- Continuously monitor and triage security alerts from EDR and SIEM platforms, prioritizing based on severity and potential impact.
- Develop, test, and improve detection logic using CQL or equivalent query languages to identify malicious activity across endpoints.
- Conduct deep-dive investigations into security incidents, including malware execution, phishing attempts, and persistent threats, using CrowdStrike and SIEM data.
- Proactively hunt for threats by analyzing patterns in endpoint and network telemetry to uncover undetected compromises.
- Respond to confirmed incidents following defined protocols, ensuring timely containment and remediation.
- Document technical findings clearly and recommend actionable steps to reduce risk and improve defenses.
- Collaborate with internal teams to strengthen security posture and address vulnerabilities.
- Participate in an on-call rotation to support round-the-clock monitoring and response operations.
- Escalate complex or high-risk incidents to the incident response team with comprehensive context.
Requirements
- 4–5+ years of experience in a security operations or incident response role.
- Proven experience with EDR platforms, particularly CrowdStrike, for alert triage and investigation.
- Ability to write and refine detection queries using CQL or similar languages.
- Experience managing high volumes of security alerts in a fast-paced environment.
- Familiarity with threat intelligence sources, OSINT tools (e.g., VirusTotal), and forensic analysis techniques.
- Strong analytical and critical thinking skills to assess complex security events.
- Self-motivated with a track record of independent problem-solving and initiative.
- Comfortable working remotely under pressure with a high degree of accountability.
- Solid understanding of cybersecurity fundamentals, attack methodologies, and threat landscapes.
- Proficiency in analyzing logs, network traffic, and endpoint data—especially on Mac and Linux systems.
- Knowledge of incident response lifecycle and best practices.
- Operating system expertise primarily in Mac and Linux, with working knowledge of Windows.
- Attention to detail and ability to make accurate decisions during high-stress situations.
- Commitment to ongoing learning and skill development in cybersecurity.
Benefits
- Remote work flexibility with global team collaboration.
- Opportunities for professional growth through continuous learning and skill advancement.
- Engagement in a culture that values ownership, reliability, and proactive problem-solving.
- Exposure to cutting-edge security technologies and real-world threat scenarios.
Preferred Qualifications
- Experience writing and tuning detection rules to improve threat visibility and investigation efficiency.
- Scripting ability in Python or similar languages to automate routine SOC tasks.
- Background in developing playbooks within Crowdstrike Fusion SOAR or other orchestration platforms.
- Knowledge of cloud security principles and experience with GCP, AWS, or Azure environments.
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field—equivalent experience accepted.
