Cyber Security Analyst
EXOS
The Cybersecurity Analyst III at EXOS CYBER is the senior technical escalation point of the SOC — the final analyst-tier authority on the hardest, most ambiguous investigations before a case moves into engineering. When Tier 2 has driven an alert as far as standard playbooks and queries allow and still doesn't have a confident answer, it comes to you. You own confirmed, significant incidents end to end across our client environments. You will support day-to-day security operations for our clients with a primary focus on advanced detection, incident response, and threat hunting, working alongside our Cybersecurity Engineers, and Team Lead. Beyond the queue, you set the bar for investigation quality across the SOC. You QA escalations, mentor and develop Tier 1 and Tier 2, build out the investigation curriculum, and partner with engineering on detection strategy at the program level, not just one noisy rule at a time. This is a hands‑on, deeply technical role designed for analysts with 5+ years of experience (or 2+ years past Tier 2) who are ready to operate as the senior individual contributor in a real‑world MSSP detection‑and‑response practice spanning across a diverse client environments. Serve as the Tier 3 technical escalation point in the SOC. Take the incidents that Tier 2 cannot fully resolve, drive them to a definitive answer, and hand only genuinely engineering‑scoped or architecture‑level problems to the Cybersecurity Engineers and Team Lead with a clear, evidence‑backed recommendation and a proposed course of action. Lead confirmed true‑positive incidents end to end across client environments including but not limited to ransomware, business email compromise, account takeover, lateral movement, and data exfiltration including scoping and impact assessment, containment orchestration via SentinelOne, account isolation and credential rotation in Entra ID, eradication and recovery guidance, evidence preservation, root‑cause analysis, and client communication through resolution. Own and run the proactive threat hunting program: develop hypothesis‑driven hunts across the client base using various queries, EDR telemetry, and indicators from CTI feeds; document findings; and feed confirmed patterns back into detection engineering as durable, reusable detections. Perform host, memory, and network forensics (Velociraptor, endpoint and identity artifacts, timeline reconstruction) to establish what happened, when, and how far it went, and to support breach‑notification and legal/insurance coordination when an incident warrants it. Conduct phishing triage and support email‑based threat investigations, including user impact assessment and remediation steps. Partner with the Cybersecurity Engineers and AI Automation Engineer on detection strategy at the program level coverage and gap analysis against MITRE ATT&CK, detection content design, and false‑positive reduction across the fleet rather than one‑off alert tuning. Apply offensive and adversary‑emulation knowledge to inform detection coverage, and support purple team and adversary‑emulation exercises by translating attacker TTPs into detections and validating that controls fire as expected. Analyze endpoint, identity, and network telemetry to identify suspicious activity, lateral movement, and persistence, and lead phishing and email‑based threat investigations through full user‑impact assessment and remediation. Set and enforce investigation quality standards: QA Tier 1 and Tier 2 escalations and case documentation, run walk‑throughs of significant investigations, give kind and direct feedback, and own the Tier 1/Tier 2 onboarding and skills‑development curri Author the analytical narrative for the most complex client deliverables, post‑incident reports, after‑action reviews, and the senior‑analyst portion of monthly client reporting covering what we saw, what it means, and what we recommend, in language a client technical stakeholder can act on. Drive SOC operational maturity by shaping runbook and playbook architecture, investigation checklists, and repeatable workflows, and by mentoring the team toward consistent, defensible outcomes Must Haves 5+ years of experience in a SOC, incident response, MSSP, or security operations role, or 2+ years past a Tier 2 / Analyst II role in a comparable environment. Demonstrated ability to independently lead complex investigations and confirmed incidents to resolution across endpoint, identity, email, and network telemetry — not just triage and elevate. Advanced command of an EDR (SentinelOne, CrowdStrike, or Defender for Endpoint) and a SIEM (Blumira, Sentinel, Splunk, or QRadar) at the query, pivot, and detection‑authoring level. Practical host and network forensics and evidence‑preservation experience, including timeline reconstruction across Windows event logs, Active Directory, Entra ID, firewall, VPN, DNS, and email security logs. Hands‑on proactive threat hunting experience: building and executing hypothesis‑driven hunts and converting findings into detections. Proficient scripting in PowerShell and/or Python for investigation, log parsing, and automation. Working fluency with the MITRE ATT&CK framework for both investigation and detection‑coverage mapping. Strong command of the incident response lifecycle, escalation criteria, and chain‑of‑custody / evidence‑handling practices. Ability to lead under pressure in a multi‑client environment, prioritize across simultaneous active incidents, and maintain quality and clear documentation throughout. Excellent written communication, with the ability to produce client‑ready incident summaries, post‑incident reports, and analytical narratives, and to mentor junior analysts effectively. Solid fundamentals in TCP/IP, DNS, Windows and Linux internals, and identity and access management. Relevant certifications such as CompTIA CySA+, GIAC GCIH/GCIA/GCFA, BTL2, or equivalent demonstrated experience. Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline. Equivalent military training or certifications considered. Advanced certifications such as GIAC GCIA, GCFA, GCFE, GNFA, GCTI, GREM, or BTL2; offensive‑informed credentials (OSCP, CRTO) a strong plus given the role's detection and purple‑team‑support scope. Prior MSSP experience in a multi‑tenant model, including a multi‑tenant PSA/ticketing platform (ConnectWise, Autotask, ServiceNow, or similar). Detection engineering experience: Sigma rules, KQL, and SentinelOne / Blumira query syntax, plus comfort building detections from hunt findings. Experience with SOAR or rules‑based automation and operationalizing playbooks alongside an AI Automation Engineer. DFIR tooling depth (Velociraptor or comparable) and experience supporting legal, insurance, and breach‑notification workflows during major incidents. Vulnerability management and offensive‑output review experience (ConnectSecure, Tenable, Qualys; NodeZero or comparable pentest/attack‑path findings). Experience mentoring or formally developing junior analysts and building SOC training content. #J-18808-Ljbffr
$69.4k - $158k
...Job Number: R0243018 Cyber Security Analyst The Opportunity As a security operations center analyst, you're in the middle of the action, responding to and mitigating threats in real time. You're the first line of cyber defense for your organization, and they look to you...SuggestedWork at officeLocal areaRemote workShift work$102.17k - $178.78k
...Trinnex is hiring a Senior Cyber Security Analyst to safeguard critical software systems supporting water utilities. The analyst will work at the intersection of cybersecurity and DevSecOps to ensure applications are resilient against threats. This position involves advanced...Suggested$104k - $156k
...Posting Type Remote/Hybrid Job Overview The Advanced Security Engineer is a technically deep, hands-on practitioner who forms the operational backbone of the enterprise security function. Operating within a layered defense-in-depth program, this engineer...SuggestedRemote work$85k - $101k
MISO in Carmel, Indiana is seeking an IT Disaster Recovery Analyst II to enhance their Disaster Recovery program. This role involves developing recovery plans, conducting tests, and ensuring compliance with regulatory standards. The successful candidate will partner with...Suggested- We are seeking a Disaster Recovery Analyst to support and strengthen our enterprise Information Technology Disaster Recovery program. You’ll help ensure compliance, improve recovery processes, and enhance the resilience of critical technology systems. Responsibilities Developing...Suggested
$85k - $101k
Description MISO is seeking an IT Disaster Recovery Analyst II to support and strengthen our enterprise Disaster Recovery (DR) program. In this role, you'll help ensure compliance, improve recovery processes, and enhance the resilience of critical technology systems. You...Local area- ...enterprise network. You will configure Cisco routing and Palo Alto firewalls, ensuring operational stability and contributing to network security improvements. The ideal candidate has a degree in IT, Computer Science, or Engineering, or extensive relevant experience. Join us...
$87.7k - $164k
...Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security... ...Cyber Triage and Forensics (CTF) Incident Analyst will work as a senior member of the technical team...Summer holidayLocal areaFlexible hours$119k - $144k
MISO Default Brand is seeking a Network Engineer I to enhance and support a complex enterprise network in Carmel, Indiana. You will be responsible for configurations, troubleshooting, and working with vendors on network initiatives, primarily focusing on Cisco routing and...- ...significant growth and are looking for a dynamic and experienced CISO to join our leadership team. Job Summary: The Chief Information Security Officer (CISO) will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure...Work at office
- CNO Financial Group, Inc. is seeking a Principal IT Security Architect to shape their enterprise security strategy and architecture. This role covers defining security requirements and leading security architecture efforts across various domains. Ideal candidates will...Remote job
$90k - $110k
...United States Suitability/Public Trust Fully remote Cyber Security Services Overview GovCIO is currently hiring for an Information Systems Security Officer (ISSO) to support our client's contract needs. The ISSO ensures the confidentiality, integrity, and...Full timeContract workCurrently hiringRemote workFlexible hours- ...standards and structured methodologies. Evaluate existing environments and recommend improvements to performance, reliability, and security. Build strong, trust-based relationships through clear communication and proactive support. Collaborate with peers to drive...Full time
- ...Our client, a healthcare organization, is seeking a Clinical Applications Analyst to join their team. As a Clinical Applications Analyst, you will be part of the IT Applications team supporting clinical, pharmacy, and multidisciplinary teams. Job Title: Clinical Applications...
- ...Indianapolis, IN Cybersecurity Analyst Support mission-critical cybersecurity operations for the Defense Finance & Accounting Service... ...required qualifications listed below. Allyon does not sponsor security clearances and does not offer C2C opportunities for this role....Full timeFlexible hoursShift work
$35.06 - $41.2 per hour
...Applications Systems Analyst/Programmer (Master Data Management Team) We have a new opportunity with the State of Indiana – Child... ...Data Management ~4+ years with SSRS (deployment, scheduling, security) ~1+ year with Atlassian tools (Jira/Confluence) Compensation...Hourly payContract workMonday to Friday$57.7k - $107.8k
...Responsibilities include business/systems analysis, requirements definition and documentation, system design, and problem resolution. The analyst communicates with system end-users to understand issues and implement solutions. Essential Responsibilities Plans, designs/builds,...Work experience placementWork at officeLocal areaRemote work$117.1k - $187.3k
...closely with Commercial IT leadership, Technology Product Owners, engineering leaders, Enterprise Architecture, Data, ERP, Commerce, Security, and business partners to define target-state CRM architecture, establish architecture guardrails, reduce technical debt, and...Live inLocal areaWorldwide- ...with product and program teams,establishingarchitectural guardrails, reviewing designs to ensure alignment with target architecture, security, performance, resiliency, and operability standards, supporting both project-centric and product-centric delivery models....For contractors
- ...legacy systems with cloud-native platforms. Cloud Architect Certification is a plus Proven track record to design and build scalable, secure, high-availability enterprise systems, leveraging CI/CD pipelines and automated testing frameworks for global user bases. Drive...Work experience placementLive inLocal areaWorldwide
$94.1k - $170k
...across the full lifecycle of cloud-based services-including infrastructure, application development, testing, and operations-ensuring secure, scalable, and efficient integration of enterprise applications on multitenancy as appropriate. The engineer supports customer-...Contract workWork at office- ...Summary Summary: The Application Analyst contributes to the installation, configuration, and maintenance of enterprise-level software... ...documentation creation are key aspects for the role with a focus on security and staying current with industry trends. Responsibilities...Permanent employmentTemporary workWork at officeLocal area
- ...Applications, Computer Information Systems, Computer Science or related, Math, any Engineering, or Business related. 2 years as a Programmer Analyst, Programmer or related. In lieu of a Bachelor's degree or foreign equivalent in Computer Science or related, any Engineering, or...Work experience placementRelocation
- ...A leading healthcare organization in Indianapolis is seeking a Revenue Cycle EDI Systems Analyst to support and enhance revenue cycle systems. The analyst will be responsible for ensuring compliance with regulatory requirements, monitoring billing metrics, and collaborating...Remote work
$115.8k - $202.7k
...technology deliverables by contributing to and communication of standards and best practices for development, quality assurance, security, and service on-boarding Keep current with industry trends (including solution architecture frameworks and patterns, emerging...Minimum wageLocal areaRemote workNight shift- ...Chief Information Security Officer (CISO), Growth About the Company Accomplished provider of top-tier security services Industry Security and Investigations Type Privately Held About the Role The Company is seeking a Chief Information Security...
- ...Chief Information Security Officer (CISO) About the Company Trusted provider & publisher of consumer insights about car models &... ...CISO) to take on an enterprise-level leadership role in global cyber security, information risk, and resilience. The CISO will be responsible...
$60.8k - $82.9k
...Become a part of our caring community As a Revenue Cycle EDI Systems Analyst , you will report to the VP, RCM. You will be responsible for supporting, monitoring, and optimizing revenue cycle systems utilized by the FSU. You will ensure accurate and timely billing...Bi-weekly payFull timeTemporary workApprenticeshipWork at officeRemote workHome office$120k - $150k
...healthcare. Guided by our mission to make the world’s health data secure, accessible and actionable, we provide critical data solutions... ...are seeking a highly skilled and experienced Senior Systems Analyst – Oracle HCM to join our HRIT team. This individual will be a...$66.79k - $125k
...continuous professional development. We are seeking for a Systems Analyst to join our team. The Collections Coordinator performs daily... ...transitions and alignment with the Firm's enterprise architecture, security standards, and operational goals. This position is ideal for...Work experience placementLocal area
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Cyber Security Analyst. Be the first to apply!
- information security consultant Indianapolis, IN
- cyber security analyst Indianapolis, IN
- cyber Indianapolis, IN
- IT cyber security Indianapolis, IN
- cyber security technician Indianapolis, IN
- remote cyber security Indianapolis, IN
- cyber security Indianapolis, IN
- cybersecurity software engineer Indianapolis, IN
- no experience cyber security Indianapolis, IN
- cybersecurity policy and compliance analyst Indianapolis, IN

