The Mid-Level Cyber Defense Analyst uses defensive measures and information collected from a variety of sources to identify, analyze, and report vulnerabilities and malicious events. This role focuses on maintaining the integrity of our internal and cloud networks by conducting deep-dive analysis of security data, recognizing operational trends, and leading initial incident containment efforts.

Responsibilities:
• Investigate security alerts escalated by SOC Level 1 analysts.
• Perform deeper analysis of suspicious activity across SIEM, EDR, network, identity, cloud, and email security platforms.
• Validate whether security events represent false positives, suspicious behavior, policy violations, or confirmed cybersecurity incidents.
• Correlate events across multiple log sources to identify attack patterns, affected assets, compromised accounts, lateral movement, malware activity, or unauthorized access.
• Determine the scope, severity, business impact, and urgency of security incidents.
• Recommend containment, eradication, and remediation actions to the appropriate technical teams.
• Create and maintain accurate incident timelines, investigation notes, evidence records, and escalation summaries.
• Support phishing investigations, endpoint compromise analysis, suspicious login reviews, malware alerts, brute-force attacks, data exfiltration indicators, and cloud security events.
• Review and improve SOC playbooks, investigation procedures, and escalation criteria.
• Provide technical guidance, coaching, and feedback to SOC Level 1 analysts.
• Identify recurring false positives and recommend tuning improvements for SIEM, EDR, and other detection platforms.
• Participate in post-incident reviews and provide recommendations to improve detection, response, and prevention.
• Support shift handovers by documenting open incidents, pending actions, and important operation contexts.

Requirements
• 2 to 4 years of experience in SOC operations, cybersecurity monitoring, incident response, security operations, network security, endpoint security, or infrastructure security.
• Previous experience as a SOC Analyst L1 or equivalent role.
• Experience investigating real security alerts and documenting incident findings.
• Practical knowledge of SIEM, EDR, identity logs, firewall logs, email security alerts, and endpoint events.
• Experience escalating incidents and recommending remediation actions.
• Preferred Certifications: CompTIA CySA+, Blue Team Level 1 / BTL1, Blue Team Level 2 / BTL2, Microsoft AZ-500, CompTIA Security+, CompTIA Network+, Cisco CCNA, Fortinet FCP / NSE, Microsoft AZ-500, as a plus for cloud/security environments, eCIR .
• Language: English C1 is required

Originally