AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.
We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.
AHEAD is seeking a Cyber Defense Analyst to join the AHEAD Corporate Security Cyber Defense team. This position contributes to the successful delivery of AHEAD’s information security program in order to assure AHEAD stakeholders of strong operating controls and effective defensive capabilities.
The Cyber Defense Analyst is responsible for monitoring, triaging, investigating, and reporting on security events across the enterprise. A typical day will include reviewing and remediating alerts in our security platforms, supporting incident response activities, improving detections, and working on information security-related projects that strengthen AHEAD’s overall security posture.
Reporting directly to Corporate Security leadership, the ideal candidate must be a professional, collaborative team player who is comfortable working with people at all levels of the organization. Applicants should possess strong analytical, communication, follow-up, and quality assurance skills, along with the ability to operate effectively in a fast-paced security environment.
Responsibilities:
Monitor, triage, and analyze security alerts, telemetry, and log data across enterprise security platforms, including SIEM and other detection technologies.
Perform in-depth analysis of exploits, attacker behavior, and anomalous activity across endpoint, identity, network, cloud, and application data sources.
Review and correlate security events in the SIEM to identify threats, validate detections, and support timely incident declaration and escalation decisions.
Document investigative findings, response actions, and evidence throughout the incident lifecycle, and provide timely status updates to leadership and stakeholders.
Conduct proactive threat hunting and threat research to identify emerging risks, adversary techniques, and gaps in current detection coverage.
Contribute to detection engineering and response automation efforts that improve Cyber Defense monitoring and containment capabilities.
Support security tooling operations by helping maintain the effectiveness, reliability, and visibility of core defensive technologies used by the Cyber Defense team.
Assist with the development and refinement of incident response processes, playbooks, workflows, and operational procedures to improve overall Cyber Defense effectiveness.
Communicate intrusion activity, incident details, threat trends, and recommended actions clearly to internal stakeholders and leadership.
Partner with infrastructure teams and system owners to review vulnerability findings, help prioritize remediation, and track closure of high-risk issues.
Qualifications:
5+ years of experience in information security, ideally including direct experience in incident response, cyber defense, or security operations in a corporate or enterprise environment
Hands-on experience with SIEM platforms, including creating and using searches, dashboards, alerts, and investigations; experience with CrowdStrike NG-SIEM strongly preferred
Experience with Microsoft 365 security technologies, including Microsoft Defender XDR for email, identity, and collaboration platforms
Basic knowledge of networking concepts and cloud environments, including AWS and Azure
Foundational knowledge of Windows and macOS
Strong written and verbal communication skills, including clear incident documentation and the ability to communicate technical findings to non-technical stakeholders in a global environment
Familiarity with MITRE ATT&CK, NIST CSF, CIS Controls, or similar security frameworks is preferred
Basic familiarity with scripting or query languages such as PowerShell, Python, or similar to support automation and analysis is preferred
Experience supporting vulnerability management processes using tools such as Tenable and Wiz, including triage, validation, prioritization, and remediation tracking is preferred
Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field
Certifications:
CCSP, GCIH, CySA+, GSEC, SSCP or similar cybersecurity certification required