Senior Cybersecurity / Risk Analyst

The Senior Cybersecurity / Risk Analyst leads the response to high-priority and escalated cybersecurity incidents, with a focus on insider risk and telemetry-driven detection. This role oversees end-to-end incident handling—including detection, analysis, containment, eradication, recovery, reporting, and prevention. The position also drives continuous improvement through development of new detection logic, micro-hunts, and the integration of automation and AI-assisted analytics to increase detection fidelity and reduce manual effort. Success in this role requires advanced technical depth, strong operational rigor, and the ability to communicate clearly with both technical teams and executive stakeholders.

Key Roles And Responsibilities

• Incident leadership: Serve as lead handler for escalated risk and cyber incidents; establish investigation strategy, ensure timely execution, and drive incident closure.
• Advanced investigation and triage: Conduct deep-dive analysis of security events using telemetry, endpoint/network evidence, and threat intelligence to determine scope, impact, and root cause.
• Detection engineering and continuous improvement: Create, tune, and deploy new detection rules and analytics aligned to evolving threats and suspicious behaviors; reduce false positives and improve signal-to-noise.
• Micro-hunts and threat intelligence: Perform targeted hunts to Client emerging behaviors and translate findings into actionable detections, controls, and playbooks.
• Remediation and containment: Partner with IT and security stakeholders to drive containment, remediation, and recovery actions across endpoints, identities, and cloud services.
• Process and program maturity: Contribute to incident response process improvements, documentation standards, and after-action reviews; support development of tabletop exercise scenarios.
• Executive communication: Produce clear, concise updates for leadership (status, impact, risk, and next steps) and deliver required incident reports and post-incident summaries. Required Qualifications
• Four (4) or more years of hands-on cybersecurity experience in incident response, security operations, insider risk, threat detection, or a closely related function.
• Demonstrated experience leading or handling escalated incidents, including triage, investigation, containment, remediation, and post-incident reporting in complex enterprise environments.
• Proficiency with security telemetry and investigation workflows across endpoint and network data sources; experience using SIEM analytics (e.g., Splunk) and EDR tooling.
• Working knowledge across multiple domains such as host analysis, network forensics, cloud environments, UEBA/anomaly detection, intrusion detection, threat research/intelligence, detection engineering, and data analysis.
• Ability to develop or maintain automation using scripting (e.g., Python, PowerShell, Bash) and/or APIs to improve security operations.
• Strong written and verbal communication skills, including the ability to produce executive-ready summaries and lead discussions with technical and non-technical stakeholders.
• Demonstrated integrity and discretion in handling sensitive investigations and confidential data. Preferred Qualifications
• Experience with Tanium (or comparable endpoint management/telemetry platforms) and building integrations across enterprise security tools.
• Experience implementing automation or orchestration in security operations (SOAR, APIs, pipelines, scripted workflows) to accelerate response and improve consistency.
• Experience applying AI-assisted analytics for alert enrichment, correlation/deduplication, prioritization, and operational reporting.
• Experience with insider risk programs, user/entity behavior analytics (UEBA), and behavior-based detection strategies.
• Experience investigating and responding to threats in cloud and SaaS environments.
• Experience mentoring analysts and contributing to training, playbooks, and tabletop exercise development.
• Relevant industry certifications (e.g., GCIA, GCIH, GCFA, CISSP, or equivalent) and/or a bachelor's degree in a related field.