Cybersecurity Analyst I

Job Description

What You Will Do

The Cybersecurity Analyst at EXOS CYBER is the front line of our SOC, the first set of eyes on every alert that comes into our environment, responsible for fast, accurate triage, clean documentation, and timely escalation when something warrants deeper investigation. You will support day-to-day security operations for our clients with a primary focus on security monitoring, detection, and incident response, working alongside senior security engineers and incident responders. This is a hands-on, high-volume role designed for analysts with 2 to 6 years of experience who are ready to deepen their SOC skills while gaining broad exposure to a real-world MSSP detection-and-response stack across diverse client environments. You will help protect clients by identifying threats, responding to alerts, and continuously improving security posture.

• Monitor and triage security alerts across multiple client environments using SIEM, EDR, email security, and cloud security tools

• Validate and investigate common alert types, determine impact, and recommend or execute initial response actions based on runbooks

• Escalate high-severity or complex incidents to senior responders with accurate context, evidence, and timelines

• Perform incident response support activities, including containment guidance, indicator collection, and post-incident documentation

• Analyze endpoint, identity, and network telemetry to identify suspicious activity, lateral movement, and persistence attempts

• Conduct phishing triage and support email-based threat investigations, including user impact and remediation steps

• Maintain thorough case notes, incident summaries, and client-ready communications in the ticketing or case management system

• Assist with detection content improvements, including rule tuning, alert suppression, and use case enhancements to reduce false positives

• Support vulnerability scanning programs by helping interpret results, tracking remediation, and coordinating follow-ups with client IT teams

• Contribute to operational excellence by improving runbooks, investigation checklists, and repeatable workflows

Job Requirements

What You Have Done

• 2 to 6 years of experience in a SOC, MSSP, or security operations focused role

• Hands on experience investigating alerts from SIEM and EDR platforms and working cases end to end for routine incidents

• Familiarity with common log sources such as Windows event logs, Active Directory, Azure AD or Entra ID, firewall, VPN, DNS, and email security logs

• Experience triaging phishing, malware, suspicious authentication activity, and policy or misconfiguration-driven alerts

• Working knowledge of incident response lifecycle, escalation criteria, and evidence preservation

• Ability to prioritize effectively in a multi-client environment and manage multiple active cases without losing quality

• Strong documentation habits with the ability to produce clear, client-ready updates and incident summaries

• Solid fundamentals in TCP/IP, DNS, Windows and Linux concepts, and identity and access management

• Experience with ticketing systems and meeting SLAs for response, escalation, and customer communication

• Relevant certifications such as CompTIA Security+, CySA+, Microsoft security fundamentals, or equivalent experience preferred

Preferred Qualifications

• Associate or Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related discipline. Equivalent military training or certifications considered.

• CompTIA CySA+, Blue Team Level 1 (BTL1), GIAC GSEC, or Microsoft SC-200.

• Prior MSSP, MSP, or multi-tenant environment exposure.

• Hands-on lab experience: TryHackMe, LetsDefend, Blue Team Labs, or home-lab portfolio.

• Light scripting comfort (PowerShell or Python) for log parsing and host investigation.

• Familiarity with the MITRE ATT&CK framework.