Security Analyst
Boston, MA | Security Engineering | Onsite | 3+ YOE
Summary
Security Analyst supporting day-to-day security operations, triaging alerts, investigating incidents across endpoint/cloud/SaaS, and managing security ticket queues. Requires 3+ years in security operations or incident response.
About the role
Responsibilities
- Triage and investigate security alerts originating from internal security tooling as well as those escalated by external security monitoring partners.
- Monitor and manage the internal security operations ticket queue, ensuring alerts and investigations are prioritized, tracked, and resolved in a timely manner.
- Assist with investigation of security events across endpoint, identity, cloud, and SaaS platforms.
- Support incident response activities including investigation, containment coordination, documentation, and post-incident analysis.
- Respond to external threat intelligence and digital risk alerts related to potential brand abuse, impersonation, or exposed credentials.
- Collaborate with security engineering teams and external security partners to improve detection coverage and reduce false positives.
- Help identify gaps in logging, telemetry, or investigation workflows across security platforms.
- Assist with threat hunting and security investigations using data from SIEM and other security tools.
- Support vulnerability management workflows by assisting with triage, prioritization, and tracking of remediation activities.
- Own and manage the security operations queue while serving as a central intake point for security questions, alerts, and reports across the organization.
- Operate the organization’s phishing simulation program to reduce susceptibility to social engineering threats, including managing phishing campaigns and coordinating targeted remediation training.
- Identify opportunities to improve security operations through process improvements, automation, and responsible use of AI.
- Maintain documentation for incident response procedures, investigation workflows, and operational playbooks.
- Participate in the security team’s on-call rotation to support investigation and response activities when needed.
Requirements
- 3+ years of experience in security operations, incident response, threat detection, or a related cybersecurity role.
- Experience investigating security alerts or suspicious activity across environments such as endpoint, identity, cloud, or SaaS systems.
- Experience triaging and managing security investigation workflows, including ticket queues or incident tracking systems.
- Familiarity with SIEM platforms, log analysis, and security monitoring tools.
- Understanding of common attacker techniques and frameworks such as MITRE ATT&CK.
- Experience working with security tools such as EDR platforms, identity systems, cloud logging platforms, or similar technologies.
- Familiarity with modern AI-enabled tools used in enterprise environments and an understanding of the risks associated with them.
- Experience improving security operations through automation, scripting, or responsible use of AI to increase operational efficiency.
- Strong analytical and investigative skills with the ability to evaluate security events and determine potential impact.
- Ability to coordinate investigations across multiple teams and communicate findings clearly to technical and non-technical stakeholders.
- Strong written documentation skills for incident records, investigation notes, and operational procedures.
Nice-to-Haves
- Relevant security certifications such as Security+, CySA+, SSCP, GSEC, or GCIH.
Skills
SIEM, EDR, MITRE ATT&CK, log analysis, threat hunting, incident response, security monitoring, automation, scripting, AI tools