Cybersecurity Analyst

Cybersecurity Analyst 

InfoSec Organization •  Reports to CISO  •  On-site 

About the Role 

We are hiring a Cybersecurity Analyst to own our day-to-day security monitoring function and produce the evidence required to achieve and maintain our cybersecurity certification. This role is the operational core of our cybersecurity organization, responsible for managing alert triage across our cybersecurity tool stack, coordinating with our managed SOC partner, documenting security events, and keeping our monitoring and incident response activities continuously evidenced and ready for review. 

This is a hands-on, high-accountability role reporting directly to the CISO. You will work closely with our InfoSec Engineer, Compliance Program Manager, and our managed security operations partner. You will help set up and monitor our security tool stack, which spans endpoint protection, network detection, secure web access, application control, and identity management. You establish the monitoring cadence that keeps our security posture visible and our compliance evidence current. 

The Immediate Mission 

You will be assisting in getting the organization assessment ready: 

• Take ownership of daily alert triage across our security tool stack, reviewing and dispositioning alerts before they age without review 
• Serve as the internal liaison to our managed SOC partner, receiving their monitoring reports, validating their outputs, and integrating their work into our compliance evidence.
• Build and maintain the incident log, ensuring every security event is captured, classified, and closed with supporting documentation.
• Produce audit log evidence demonstrating that our systems are monitored, logs are retained, and events are reviewed on a consistent schedule.
• Deliver regular monitoring reports to our compliance tracking platform, ensuring up-to-date evidence flows into our central repository.
• Coordinate with the Compliance Program Manager to ensure monitoring and incident response evidence is organized and ready for assessor review.

What You’ll Own 

Security Monitoring and Alert Triage 

• Own daily triage of alerts from our network detection platform and other security tools, reviewing, classifying, escalating, and documenting dispositions.
• Serve as the primary internal point of contact for our managed security operations partner, receiving daily and weekly alert summaries, validating completeness, and tracking open items to closure.
• Maintain the security event log, a running record of alerts, dispositions, escalations, and outcomes that serve as core compliance evidence 
• Identify patterns in alert data and surface recurring issues to the InfoSec Engineer for remediation.
• Ensure continuous monitoring coverage is documented and demonstrable, a direct requirement of the cybersecurity framework we are certifying against 

Incident Response Documentation 

• Own the incident log, documenting every security event from detection through closure, including timeline, classification, containment actions, and resolution.
• Coordinate with our managed security operations partner on incident triage, escalation, and post-incident reporting, ensuring their outputs are captured and integrated into our internal records.
• Maintain the Incident Response Plan as a living document, updating it based on lessons learned and ensuring it reflects actual operational procedures.
• Produce incident response evidence for our compliance assessment, including incident logs, escalation records, containment documentation, and post-incident reviews.
• Support the Compliance Program Manager in mapping incident documentation to the applicable compliance controls.

Log Management and Audit Evidence 

• Pull and organize log samples from our endpoint protection, network security, web access, application control, and identity management platforms, demonstrating that logging is active and coverage is comprehensive.
• Document log configuration, including retention settings, coverage scope, and alert thresholds, as evidence that our monitoring posture meets compliance requirements 
• Produce regular monitoring reports to our compliance tracking platform, ensuring the system reflects the current operational status 
• Coordinate with the InfoSec Engineer to ensure logging is enabled and configured correctly across all systems in scope.
• Maintain organized evidence packages, including log samples, triage records, and monitoring reports, ready for assessor review.

Managed SOC Coordination 

• Serve as the day-to-day operational liaison to our managed security operations partner, tracking deliverables, validating report quality, and escalating gaps to the CISO.
• Ensure monitoring outputs from our security partner are received on schedule and integrated into internal compliance records.
• Own the deliverable log, tracking what has been received, what is outstanding, and what has been incorporated into evidence packages.
• Coordinate with the Compliance Program Manager to ensure third-party security operations outputs satisfy our compliance requirements.

Continuous Monitoring and Compliance Platform 

• Maintain our compliance tracking platform as the operational source of truth for monitoring evidence, uploading reports, log reviews, and control status updates on a regular cadence 
• Support the Compliance Program Manager in maintaining continuous compliance readiness after certification 
• Flag gaps in monitoring coverage, log retention, or incident documentation to the CISO and Compliance Program Manager 
• Participate in periodic control effectiveness reviews, providing operational data and evidence to support ongoing assessments 

Basic Qualifications 

• 3 or more years in cybersecurity operations, SOC analyst, or cybersecurity monitoring role 
• Hands-on experience with endpoint protection, network detection, or security event management platforms in an operational capacity, including reviewing alerts, triaging events, and documenting outcomes 
• Demonstrated ability to write and maintain incident response documentation, such as incident logs, incident reports, and post-incident reviews 
• Experience working with or alongside a managed security operations provider, receiving their output, and integrating it into internal security operations 
• Familiarity with audit logging requirements and log review processes, including an understanding of what logging coverage means and how to demonstrate it 
• Organized, detail-oriented, and able to maintain documentation quality under day-to-day operational pressure 
• Comfortable working in a lean security organization where you own your domain independently 

Preferred Qualifications 

• Direct experience supporting a formal cybersecurity compliance effort, with an understanding of how operational security outputs map to compliance evidence 

Our current security tool stack and the experience we are looking for: 

• Endpoint protection and detection — we use CrowdStrike 
• Network detection and response — we use Darktrace 
• Secure web gateway and network security — we use Zscaler 
• Application allows listing and execution control — we use ThreatLocker 
• Identity and access management event monitoring — we use Okta 
• Compliance tracking and evidence management — we use Vanta 
• Relevant certifications are a plus but not required. We recognize Security+, CySA+, GCIA, GCIH, and CISA as strong signals for this role. Candidates working toward or eligible for CISSP are equally welcome. 
• Familiarity with compliance-driven security environments, where day-to-day monitoring and incident documentation are part of a larger audit and certification process, is a plus but not required.
• Familiarity with security information and event management platforms such as Splunk, Microsoft Sentinel, or Chronicle, relevant as we continue to build out our log aggregation capabilities 
• A bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field is a plus. Equivalent hands-on experience, military cybersecurity training, or industry certifications are equally considered. 

Compensation

• Cybersecurity Analyst: $110,000 - $140,000
• Leveling and base salary are determined by job-related skills, education level, experience level, and job
• performance
• You will be eligible for long-term incentives in the form of stock options and/or long-term cash awards
• Offer compensation also includes the ability to purchase company stock through the Employee Stock Purchase Plan