Position Overview:
our MDR team is at the forefront of worldwide data detection and response services. We lead and redefine how data should be monitored, and protected and how data breach incidents should be handled. Its a 24/7 global security service assisting customers to investigate and respond to security incidents.
A Senior (Level 3) Security Analyst within our MDR team is expected to serve as their teams technical lead and a key escalation point for complex security incidents.
In your role, you will lead complex investigations, working directly with customers by assisting them in investigating and responding to security incidents.
As a senior staff in your team, you are expected to mentor junior analysts, and drive continuous improvement of our detection and response capabilities. You will collaborate with internal and external stakeholders, and ensure best practices are followed across monitoring, detection, and incident response processes. This position requires a strong foundation in cybersecurity operations, a deep understanding of SIEM technologies and log sources, as well as the ability to train and document processes for others.
Responsibilities:
Incident Escalations & Investigations
Serve as an escalation point for security alerts and incidents, ensuring timely and thorough investigations.
Perform end-to-end incident handling, including scoping, containment, and eradication activities.
Coordinate and communicate with customers, leadership, and other stakeholders throughout the incident response lifecycle.
Understand, interpret, and analyze a diverse range of log sources (Exchange Online, Entra, Active Directory, Windows events, Azure, DNS, VPN, etc.).
Proactively identify potential threats and anomalies, recommending and implementing improvements in detection logic.
Training & Mentorship:
Assist in training and upskilling junior and mid-level analysts, including sharing best practices in investigations, threat hunting, and emerging threats.
Provide guidance in troubleshooting escalated issues, ensuring efficient knowledge transfer and professional growth within the team.
Contribute to the development, documentation, analysis, testing, and modification of threat detection systems and playbooks.
Provide feedback on gaps or improvements needed in processes, documentation, or technology.
Work closely with Team Leads and other senior staff to align on operational goals, SLA adherence, and service delivery standards.
Communicate findings, root causes, and recommended actions to both technical and non-technical stakeholders clearly and effectively.
Share insights and best practices with the broader team, championing a culture of continuous learning.
Requirements: 3+ years of experience in cybersecurity operations (monitoring, detection, investigation, and incident response) at a global cybersecurity company.
Advanced knowledge of SIEM technologies, including log collection, analysis, and correlation.
Expertise with various log sources (Exchange Online, Entra, Active Directory, Windows Events, SharePoint_0365, Azure, Syslog, DNS, OneDrive, VPN) and the ability to interpret and analyze these logs for security incidents.
Strong understanding of authentication protocols, both modern and legacy (Kerberos, NTLM).
Proven ability to handle escalations from end to end, including incident scoping, containment, eradication, and post-incident activities such as lessons learned and documentation.
Excellent communication skills in English (written and oral) to interface effectively with customers, peers, and leadership.
Ability to mentor and train junior analysts, providing feedback and sharing best practices.
Strong analytical and problem-solving skills, with an eye for detail and the capability to deliver autonomously.
Familiarity with common security tools and technologies, such as EDR, AV, DLP, DSPM, PAM, IAM, firewalls, and IDS/IPS.
This position is open to all candidates.