About
The Security Analyst II is responsible for day-to-day cybersecurity operations, including monitoring alerts, investigating incidents, validating endpoint hygiene, and ensuring timely execution of remediation plans. The role serves as a tactical executor under the direction of the Senior Manager, Cybersecurity and in coordination with the SOC and Infrastructure teams. Ideal candidates are those with solid hands-on experience in endpoint security, log triage, DLP monitoring, and vulnerability management.
Your Day-to-Day
- Security Event Monitoring & Response:
- Monitor alerts from EDR (CrowdStrike Falcon), DLP (Google Workspace), and the other sources feeding the SIEM; investigate and escalate validated events.
- Coordinate with Managed SOC for Level 1/2 triage, assist in root cause validation, and track incidents to closure.
- Participate in incident response processes, including evidence collection, analysis, and response documentation.
- Endpoint & Device Visibility:
- Continuously monitor CrowdStrike (CS) and MEDC agent installation status, flagging assets that lack endpoint visibility.
- Conduct hygiene validation exercises against the endpoint baseline (e.g., CrowdStrike sensor health, Google Workspace (GWS) login telemetry).
- Work with IT Service Operations to address untagged, unmonitored, or misconfigured devices.
- Vulnerability & Patch Coordination:
- Review scan results (e.g., Tenable.io) for high/critical findings and follow up with Infra and IT Ops for remediation status.
- Support prioritization of vulnerabilities based on asset classification and exposure.
- Participate in monthly patch and remediation governance tracking.
- DLP Operations & Enforcement:
- Investigate DLP rule violations, rule out false positives, and escalate confirmed violations in line with the Data Classification policy.
- Maintain documentation on DLP cases and support tuning of policies with the Cloud Security Engineering team.
- Support Falcon Data Protection rollout testing (PoC) and feedback loop.
- Reporting, Compliance & Audit Support:
- Maintain operational metrics related to endpoint coverage, DLP alerts, and vulnerability remediation.
- Support audit activities requiring endpoint agent matching, asset traceability, and license reconciliation.
- Assist with monthly/quarterly reporting to Cybersecurity GRC and CTO functions for ongoing governance reviews.
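The endpoint-visibility and agent-matching duties above (monitoring CS installation status, flagging assets without sensor coverage, and reconciling agents against the asset inventory and licence count) come down to one recurring join: CMDB export on one side, EDR host list on the other. The script below is an added worked example of that reconciliation, not text from the posting and not CrowdStrike's own code. Both data sets are constructed samples; the Falcon field names (`hostname`, `last_seen`, `agent_version`, `reduced_functionality_mode`) follow the Falcon Hosts API as the author understands it and should be treated as an assumption, as should the seven-day staleness threshold.

```python
"""Reconcile an asset inventory against EDR host records to find coverage gaps.

Added example with constructed data; field names for the sensor records are
assumed to match the CrowdStrike Falcon Hosts API and are not taken from a real tenant.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: a CMDB / asset-inventory export. Hostnames are hypothetical.
ASSET_INVENTORY = [
    {"hostname": "FIN-LT-0142.corp.example", "owner": "finance", "classification": "high", "tags": ["laptop", "pci"]},
    {"hostname": "ENG-WS-0231", "owner": "engineering", "classification": "medium", "tags": ["workstation"]},
    {"hostname": "HR-LT-0099", "owner": "hr", "classification": "high", "tags": []},  # untagged asset
    {"hostname": "LAB-SRV-07", "owner": "it-ops", "classification": "low", "tags": ["server"]},
]

# Constructed sample: sensor host records. Field names assumed from the Falcon Hosts API
# (GET /devices/entities/devices/v2); the values are made up.
FALCON_HOSTS = [
    {"hostname": "fin-lt-0142", "last_seen": "2024-05-20T08:12:44Z", "agent_version": "7.15.18511.0", "reduced_functionality_mode": "no"},
    {"hostname": "eng-ws-0231", "last_seen": "2024-05-01T17:03:10Z", "agent_version": "7.13.17706.0", "reduced_functionality_mode": "no"},
    {"hostname": "lab-srv-07", "last_seen": "2024-05-20T07:55:02Z", "agent_version": "7.15.18511.0", "reduced_functionality_mode": "yes"},
    {"hostname": "old-lt-0007", "last_seen": "2024-03-02T11:40:00Z", "agent_version": "7.10.16303.0", "reduced_functionality_mode": "no"},
]

# Fixed "now" so the run is reproducible; a scheduled job would use datetime.now(timezone.utc).
NOW = datetime(2024, 5, 20, 9, 0, tzinfo=timezone.utc)


def normalize(hostname: str) -> str:
    """Lowercase and drop any DNS suffix so CMDB and sensor names join reliably."""
    return hostname.strip().lower().split(".")[0]


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the sensor records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def reconcile(inventory, hosts, now=NOW, stale_after=timedelta(days=7)):
    """Join inventory to sensor data and return the gaps an analyst has to chase.

    missing_agent          inventory asset with no sensor record at all
    stale_agent            sensor present but not seen within stale_after
    reduced_functionality  sensor checked in but is running in reduced-functionality mode
    untagged               inventory record with no tags (ownership / scope unclear)
    orphan_sensors         sensor with no inventory record (shadow IT, or a retired box still consuming a licence)
    """
    by_name = {normalize(h["hostname"]): h for h in hosts}
    inv_names = {normalize(a["hostname"]) for a in inventory}
    report = {"missing_agent": [], "stale_agent": [], "reduced_functionality": [], "untagged": []}
    healthy = set()

    for asset in inventory:
        name = normalize(asset["hostname"])
        if not asset["tags"]:
            report["untagged"].append(name)
        host = by_name.get(name)
        if host is None:
            report["missing_agent"].append(name)
            continue
        stale = now - parse_ts(host["last_seen"]) > stale_after
        rfm = host["reduced_functionality_mode"] == "yes"
        if stale:
            report["stale_agent"].append(name)
        if rfm:
            report["reduced_functionality"].append(name)
        if not stale and not rfm:
            healthy.add(name)

    report["orphan_sensors"] = sorted(set(by_name) - inv_names)
    # Coverage counts only assets with a healthy, recently-seen sensor, which is the number
    # worth reporting upward; raw "agent installed" overstates real visibility.
    report["healthy_coverage_pct"] = round(100 * len(healthy) / len(inventory), 1)
    return report


if __name__ == "__main__":
    for key, value in reconcile(ASSET_INVENTORY, FALCON_HOSTS).items():
        print(f"{key}: {value}")
```

Feeding the real exports in place of the two constructed lists is the only change needed; the join key stays the normalized short hostname, which is also where most false "missing agent" findings come from (FQDN on one side, NetBIOS name on the other), so check normalization before escalating a gap to IT Service Operations.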
Qualifications & Experience:
- Education: Bachelor’s degree in Cybersecurity, Information Technology, or a related discipline.
- Experience: 2–4 years’ experience in a SOC, IT security operations, or security analyst capacity. Proven experience handling EDR, SIEM, DLP, or vulnerability assessment (VA) tools in a mid-size or enterprise organization.
- Technical Skills:
- Familiarity with endpoint protection platforms (e.g., CrowdStrike, Carbon Black, SentinelOne).
- Exposure to vulnerability management tools (e.g., Tenable, Qualys) and patching workflows.
- Working knowledge of DLP controls in Google Workspace or Microsoft 365 environments.
- Ability to interpret alerts, analyze logs, and investigate user or system behavior anomalies.
- Certifications (Preferred):
- CompTIA Security+, CrowdStrike Certified Falcon Administrator (CCFA), Google Workspace Security Admin, or equivalent.
- Soft Skills:
- Effective communication and collaboration skills for working with diverse teams and third-party vendors.
- Adaptable to changing priorities and able to manage workload independently.
Core Competencies:
- Operational Rigor – Structured and process-driven approach to handling incidents and tasks.
- Analytical Thinking – Strong diagnostic skills and an investigative mindset for incident triage.
- Communication – Able to write clear incident summaries and collaborate across teams effectively.
- Accountability – Owns assigned alerts, tasks, and follow-ups until closure.
- Continuous Learning – Seeks to stay updated with new threats, tools, and defensive techniques.