Cyber Defense Analyst

Tasks

• Assist with prompt design and LLM pipelines
• Conduct investigations across SIEM EDR and CSPM sources
• Design implement and tune detection rules
• Evaluate and optimize AI and automation workflows
• Execute incident response runbooks and workflows
• Improve log ingestion and data quality integrations
• Investigate security alerts for scope severity and escalation
• Maintain chain of custody for forensic artifacts
• Maintain operational notes and shift handoff documentation
• Map detection coverage to MITRE ATT and CK
• Monitor and triage security alerts
• Participate in on call rotation and after hours escalation
• Perform incident response evidence collection and forensic analysis
• Reduce false positives and close detection gaps
• Refine IR runbooks playbooks and standard operating procedures
• Track and report operational metrics
• Translate threat intelligence into detection content
• Use AI tools for alert triage enrichment and investigation
• Validate detection logic through threat hunting
• Write incident summaries and post incident reports

Perks/Benefits

• Continual learning culture
• Flexible work environment
• On-call support rotation

Skills/Tech-stack

AI Assisted Triage | Audit trails | Behavior Analysis | CSPM | Chain of Custody | Cloud Audit Trails | Cloud audit | Detection engineering | Detection-as-code | EDR | Endpoint behavior | Endpoint behavior analysis | Flow analysis | Forensic analysis | Identity Provider | Identity Provider Logs | Incident Response | LLM | Log Ingestion | MITRE ATT and CK | Network flow | Network flow analysis | Powershell | Prompt engineering | Python | SIEM | SOAR | SOAR orchestration | Scripting | Threat Intelligence | Threat hunting | “as-code”