[K-65] SENIOR SECURITY ANALYST

Endava


**Responsibilities**:

- Detect and respond to malicious behavior on cloud systems, SaaS, workstations, servers, and networks
- Review and respond to escalated security events
- Proactively hunt for threats within our environment
- Write detection signatures, tune systems and tools, and develop automation scripts and correlation rules
- Maintain knowledge of adversary tactics, techniques, and procedures (TTPs)
- Conduct forensic analysis on systems and engage third-party resources as required
- Provide timely and relevant updates to appropriate stakeholders and decision makers

**Qualifications and Experience**:

- 2+ years of relevant security experience
- Bachelor’s degree in Computer Science, Information Security, Business, Management, Information Technology, or a related field
- Hands-on experience in the detection, response, mitigation, and/or reporting of cyberthreats affecting networks, including computer intrusion detection, analysis, and incident response
- Experience in forensics, malware analysis, and threat intelligence
- Ability to understand, modify, and create threat detection rules within a SIEM (Splunk, Sentinel, IBM QRadar)
- Knowledge of and experience with Windows and Linux operating systems, networks, and cloud technologies
- Experience using Python, Perl, PowerShell, or an equivalent language
- Experience with network forensics and the associated toolsets and analysis techniques
- Experience with host-based detection and prevention suites (CrowdStrike, Palo Alto, Splunk, Microsoft SCEP, Carbon Black Response, OSSEC, Microsoft Defender, Microsoft Azure Security Center, Azure Sentinel, etc.)
- The ability to reverse engineer malware is a plus
- Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), Syslog-NG, Windows Event Forwarding (WEF), etc.
- Ability to correlate data from multiple data sources to build a more accurate picture of cyberthreats and vulnerabilities
- Certifications including but not limited to: Azure Security Engineer, CEH (Certified Ethical Hacker), CompTIA Security+, CISSP, BTL1, BTL2, CASP, CySA
- Experience working with cloud technologies (AWS, Azure, SaaS, etc.)

trabajosonline.net © 2017–2021