IT Security Analyst (USI5) (1512)

SUMMARY: The IT Security Analyst II serves as the primary internal responder and a critical member of VSE's cybersecurity defense team, responsible for proactive threat detection, in-depth analysis, and end-to-end incident response. This hands-on role owns the discovery, triage, investigation, and resolution lifecycle for all alerts escalated by VSE's managed SOC partner, driving containment and remediation while coordinating with IT, Security, Application, Service Desk, and Infrastructure teams to minimize business impact. The IT Security Analyst II acts as a subject matter expert for key security technologies and plays a key role in continuously improving VSE's overall security posture across its aviation aftermarket, distribution, manufacturing, and MRO operations.

DUTIES & RESPONSIBILITIES:


Responsibilities include, but are not limited to:

• Own the triage and investigation of all security alerts and incidents in alignment with VSE's Incident Response (IR) framework, serving as the primary responder and escalation point in coordination with VSE's managed SOC partner.
• Perform advanced analysis of security alerts from multiple sources to identify true positives, detect emerging threats, and recommend containment and remediation strategies.
• Serve as the primary point of contact for escalated incidents from Tier I analysts and managed SOC partners.
• Own and continuously improve the incident response playbooks, ensuring procedures evolve with threat intelligence and adversarial trends.
• Develop and implement SIEM use cases, correlation rules, and dashboards to improve detection accuracy and operational efficiency.
• Manage and maintain endpoint, email, and cloud security platforms - ensuring configurations, policies, and rules are optimized for evolving threats.
• Conduct phishing simulations and user behavior analysis; lead targeted awareness campaigns for high-risk groups.
• Perform root cause analysis for recurring incidents and propose technical or procedural remediation plans.
• Collaborate closely with Network, Infrastructure, and Cloud teams to harden environments and ensure consistent enforcement of security controls.
• Support security audits, penetration testing activities, and red/blue/purple team exercises - driving follow-up actions to closure.
• Generate metrics, reports, and trend analysis to inform leadership and support continuous improvement initiatives.
• Act as the technical lead for specific security domains (e.g., SOAR/SIEM operations, incident response).
• Guide team members in threat analysis and incident handling.
• Contribute to policy and process development, ensuring alignment with regulatory frameworks and industry best practices.
• Lead post-incident reviews and lessons-learned sessions to improve detection and response maturity.
• Other duties as assigned.

MINIMUM REQUIREMENTS:

• Bachelor's degree in computer science, information security, or a related field; or equivalent combination of education, technical certifications, and relevant experience.
• Minimum of 4-6 years of experience in cybersecurity operations, incident response, or related security domains.
• Proven hands-on experience with SIEM, SOAR, EDR, and email security technologies.
• Strong analytical skills and the ability to correlate logs across multiple systems to identify patterns and potential compromises.
• Proficient with scripting languages such as PowerShell, Python, or like automate investigative tasks.
• Working knowledge of Azure and Microsoft 365 security stacks, including Entra, Defender for Cloud, and Intune.
• Understanding of cloud security principles (SaaS, PaaS, IaaS) and identity management concepts (MFA, PKI, RBAC).
• Excellent communication, documentation, and interpersonal skills; able to articulate complex technical issues to non-technical stakeholders.
• Ability to work independently, prioritize tasks effectively, and make sound decisions in high-pressure scenarios.
• Engage directly with end users following a triggered security event (e.g., phishing link clicked, or malware executed), investigate the sequence of actions, determine scope, and impact, and communicate required next steps to the user and response team.
• Coordinate with IT and infrastructure teams to isolate affected endpoints, remove them from the network, ensure account integrity, provide replacement assets if needed, and restore user productivity while minimizing business disruption.
• Design and deliver targeted remedial training or awareness follow-up to users when security incidents occur, helping to reduce repeat events and strengthen the human element of defense.

PREFERRED REQUIREMENTS:

• Master's degree
• CompTIA Security+ CE (required); additional advanced certifications such as CySA+, CASP+, or SANS (GCIA, GCIH, GMON) are strongly preferred.
• Experience in tuning SIEM detections and authoring correlation rules.
• Hands-on experience with Sentinel One, CrowdStrike, or similar EDR services
• Experience conducting or participating in tabletop and red/purple team exercises.
• Familiarity with MITRE ATT&CK framework and cyber kill chain analysis.
• Familiarity with NIST CSF, 800-171, ISO 27001 or similar frameworks.
• Demonstrated success leading cross-functional initiatives or incident response efforts.

OTHER:

• Participation in on-call rotation for after-hours incident escalation.
• Occasional travel may be required.
• The selected applicant will be subject to a background check and drug testing.

Equal Opportunity/Affirmative Action Employer. VSE considers candidates regardless of race, color, religion, gender, sexual orientation, gender identity, national origin, disability or veteran status, or any other characteristic protected by law.