Cyber Defense Generalist - Americas

Role Description Role located in Beaverton, OR or West Coast Remote The Cyber Defense Generalist – Americas is a hands‑on cyber defense practitioner supporting regional security operations across North and South America. The primary objective of this role is to detect, analyze, contain, and support the resolution of business‑impacting security threats and events through disciplined execution of security operations processes. This role operates within a 24x7 security operations environment, contributing to incident response, alert triage, threat analysis, threat hunting, and data loss prevention (DLP) investigations under established playbooks and escalation models. The L2 Generalist acts as a reliable second‑line responder, handling more complex investigations, supporting incident commanders, and ensuring high‑quality evidence, documentation, and communication. The role provides operational support for U.S. Government‑regulated and customer‑controlled environments, including CMMC‑aligned environments, executing incidents and investigations in a defensible, audit‑ready manner consistent with contractual and regulatory requirements. The Cyber Defense Generalist works in close partnership with global Security Operations, Cyber Defense Engineering, GRC, Audit, IT Shared Services, Infrastructure and Cloud teams, Identity teams, and engages Legal, HR, and Privacy through defined workflows when required. Execution is aligned to the Ralliant Business System (RBS), emphasizing standard work, repeatability, continuous improvement, and measurable outcomes. Key Responsibilities Execute SOC operations including alert investigation, correlation, case management, escalation, and shift handoff in alignment with 24x7 operational coverage models. Perform incident response activities, including detailed analysis, containment support, evidence collection, and recovery coordination under direction of the incident commander. Support incident command by providing timely technical findings, impact assessments, and clear updates suitable for operational and executive audiences. Operate, tune and manage SIEM (LogScale) for Security operations activities. Investigate and respond to DLP alerts, applying defined workflows, documentation standards, and escalation criteria, and coordinating with Legal, HR, and Privacy for sensitive cases. Conduct threat analysis and targeted threat hunting, identifying indicators of compromise, validating detections, and surfacing control gaps or improvement opportunities. Translate threat intelligence into actionable investigative steps, detection feedback, and response recommendations. Support exposure and vulnerability response activities by validating exploitability, assisting with risk‑based prioritization, and tracking remediation or exception outcomes. Ensure high‑quality documentation and evidence handling to support audits, customer inquiries, and regulatory obligations, particularly for regulated environments. Contribute to continuous improvement by providing feedback on detections, false positives, playbooks, and operational workflows. Participate in simulations, tabletop exercises, and after‑action reviews, incorporating lessons learned into day‑to‑day execution. Follow RBS‑aligned standard work, including runbooks, playbooks, checklists, and tooling, to ensure consistent, repeatable, and auditable operations. Partner with Cyber Defense Engineering to improve detection coverage and fidelity across endpoint, identity, cloud, SaaS, email, and network telemetry, including tuning to reduce false positives and increase high confidence detections. Execute threat hunts focused on both security and resilience, identifying control gaps, validating defensive assumptions, and improving readiness for high impact scenarios. Qualifications Bachelor’s degree recommended; equivalent practical experience considered. 3–6+ years of experience in security operations, incident response, or cyber defense roles. Demonstrated hands‑on experience investigating security alerts and incidents across endpoint, identity, cloud, SaaS, email, and network domains. Experience supporting regulated or customer‑driven security environments; familiarity with CMMC and NIST SP 800‑171 expectations is preferred. Practical experience with DLP investigation and response workflows, including handling sensitive data loss scenarios with discretion and defensible documentation. Practical experience in managing and operating a SIEM solution – from ingest to reporting. Working knowledge of threat intelligence consumption and basic threat hunting techniques. Experience collaborating with infrastructure, cloud, identity, and application teams during incident response or remediation activities. Strong written and verbal communication skills, with the ability to clearly document technical findings and explain risk and impact. Ability to operate effectively in a global, multi‑time‑zone environment while maintaining consistency with enterprise standards. Alignment with Ralliant values and the Ralliant Business System (RBS), including ownership, transparency, and continuous improvement. Pay Range The salary range for this position (in local currency) is 66,900.00 – 124,300.00 Export Control The essential duties of this position require adherence to U.S. Government export control regulations. Accordingly, candidates must either be U.S. Persons (i.e., U.S. citizens, U.S. lawful permanent residents, or protected individuals as defined by 8 U.S.C. 1324b(a)(3)) or be prepared to collaborate with the company in securing the necessary U.S. government export authorizations. Candidates should be aware that ongoing employment is dependent upon obtaining the appropriate government export authorizations. We Are an Equal Opportunity Employer. Ralliant Corporation and all Ralliant Companies are proud to be equal‑opportunity employers. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity or expression, or other characteristics protected by law. Ralliant and all Ralliant Companies are also committed to providing reasonable accommodations for applicants with disabilities. Individuals who need a reasonable accommodation because of a disability for any part of the employment application process, please contact us at View email address on click.appcast.io. #J-18808-Ljbffr Ralliant