Cyber Defense Analyst

Tasks

• Conduct investigations across SIEM EDR and CSPM
• Design AI prompt and agent workflows
• Design and tune detection rules
• Escalate incidents and manage alert lifecycle
• Evaluate and optimize AI automation workflows
• Execute incident response engagements
• Execute incident response runbooks
• Handle evidence and maintain chain of custody
• Improve log ingestion and data quality
• Investigate alerts and determine scope and severity
• Maintain operational notes and shift handoff
• Map detection coverage to MITRE ATTACK
• Monitor and triage security alerts
• Participate in on-call rotation
• Perform forensic analysis and evidence collection
• Reduce false positives and close detection gaps
• Refine IR runbooks and playbooks
• Support tabletop exercises and purple team activities
• Track and report operational security metrics
• Translate threat intelligence into detection content
• Use AI tools for alert triage and enrichment
• Validate detection logic with threat hunting
• Write incident summaries and post incident reports

Perks/Benefits

• N/A

Skills/Tech-stack

AI Automation | Alert triage | Audit Logging | CSPM | Chain of Custody | Cloud Audit Logging | Cloud audit | Detection engineering | Detection rules | EDR | Evidence handling | Flow analysis | Forensic analysis | Identity Provider | Identity Provider Logs | Incident Response | LLM | Mitre Attack | Network flow | Network flow analysis | Orchestration | Powershell | Prompt engineering | Python | Query Writing | SIEM | SOAR | Scripting | Threat Intelligence