About

The Security Analyst II is responsible for day-to-day cybersecurity operations, including monitoring alerts, investigating incidents, validating endpoint hygiene, and ensuring timely execution of remediation plans. The role serves as a tactical executor under the direction of the Senior Manager, Cybersecurity, and in coordination with the SOC and Infrastructure teams. Ideal candidates are those with solid hands-on experience in endpoint security, log triage, DLP monitoring, and vulnerability management.

Your Day-to-Day:

  • Security Event Monitoring & Response:
    • Monitor alerts from EDR (CrowdStrike), DLP (Google Workspace), and other SIEM sources; investigate and escalate validated events.
    • Coordinate with Managed SOC for Level 1/2 triage, assist in root cause validation, and track incidents to closure.
    • Participate in incident response processes, including evidence collection, analysis, and response documentation.
  • Endpoint & Device Visibility:
    • Continuously monitor CS and MEDC installation status, highlighting assets lacking endpoint visibility.
    • Conduct hygiene validation exercises against the endpoint baseline (e.g., CrowdStrike health, GWS login telemetry).
    • Work with IT Service Operations to address untagged, unmonitored, or misconfigured devices.
  • Vulnerability & Patch Coordination:
    • Review scan results (e.g., Tenable.io) for high/critical findings and follow up with Infra and IT Ops for remediation status.
    • Support prioritization of vulnerabilities based on asset classification and exposure.
    • Participate in monthly patch and remediation governance tracking.
  • DLP Operations & Enforcement:
    • Investigate DLP rule violations, verify false positives, and escalate breaches aligned to Data Classification policy.
    • Maintain documentation on DLP cases and support tuning of policies with the Cloud Security Engineering team.
    • Support Falcon Data Protection rollout testing (PoC) and feedback loop.
  • Reporting, Compliance & Audit Support:
    • Maintain operational metrics related to endpoint coverage, DLP alerts, and vulnerability remediation.
    • Support audit activities requiring endpoint agent matching, asset traceability, and license reconciliation.
    • Assist with monthly/quarterly reporting to Cybersecurity GRC and CTO functions for ongoing governance reviews.

Qualifications & Experience:

  • Education: Bachelor’s degree in Cybersecurity, Information Technology, or a related discipline.
  • Experience: 2–4 years’ experience in a SOC, IT security operations, or security analyst capacity. Proven experience handling EDR, SIEM, DLP, or VA tools in a mid-size or enterprise organization.
  • Technical Skills:
    • Familiarity with endpoint protection platforms (e.g., CrowdStrike, Carbon Black, SentinelOne).
    • Exposure to vulnerability management tools (e.g., Tenable, Qualys) and patching workflows.
    • Working knowledge of DLP controls in Google Workspace or Microsoft 365 environments.
    • Ability to interpret alerts, analyze logs, and investigate user or system behavior anomalies.
  • Certifications (Preferred):
    • CompTIA Security+, CrowdStrike Certified Falcon Administrator (CCFA), Google Workspace Security Admin, or equivalent.
  • Soft Skills:
    • Effective communication and collaboration skills for working with diverse teams and third-party vendors.
    • Adaptable to changing priorities and able to manage workload independently.

Core Competencies:

  • Operational Rigor – Structured and process-driven approach to handling incidents and tasks.
  • Analytical Thinking – Strong diagnostic skills and an investigative mindset for incident triage.
  • Communication – Able to write clear incident summaries and collaborate across teams effectively.
  • Accountability – Owns assigned alerts, tasks, and follow-ups until closure.
  • Continuous Learning – Seeks to stay updated with new threats, tools, and defensive techniques.