Cyber Defense Generalist - Americas

Cyber Defense Generalist – Americas

Role located in Beaverton, OR or West Coast Remote

The Cyber Defense Generalist – Americas is a hands-on cyber defense practitioner supporting regional security operations across North and South America. The primary objective of this role is to detect, analyze, contain, and support the resolution of business-impacting security threats and events through disciplined execution of security operations processes.

This role operates within a 24x7 security operations environment, contributing to incident response, alert triage, threat analysis, threat hunting, and data loss prevention (DLP) investigations under established playbooks and escalation models. The L2 Generalist acts as a reliable second-line responder, handling more complex investigations, supporting incident commanders, and ensuring high-quality evidence, documentation, and communication.

The role provides operational support for U.S. Government–regulated and customer-controlled environments, including CMMC-aligned environments, executing incidents and investigations in a defensible, audit-ready manner consistent with contractual and regulatory requirements.

The Cyber Defense Generalist works in close partnership with global Security Operations, Cyber Defense Engineering, GRC, Audit, IT Shared Services, Infrastructure and Cloud teams, Identity teams, and engages Legal, HR, and Privacy through defined workflows when required. Execution is aligned to the Ralliant Business System (RBS), emphasizing standard work, repeatability, continuous improvement, and measurable outcomes.

Key Responsibilities

• Execute SOC operations including alert investigation, correlation, case management, escalation, and shift handoff in alignment with 24x7 operational coverage models.
• Perform incident response activities, including detailed analysis, containment support, evidence collection, and recovery coordination under direction of the incident commander.
• Support incident command by providing timely technical findings, impact assessments, and clear updates suitable for operational and executive audiences.
• Operate, tune and Manage SIEM (LogScale) for Security operations activities.
• Investigate and respond to DLP alerts, applying defined workflows, documentation standards, and escalation criteria, and coordinating with Legal, HR, and Privacy for sensitive cases.
• Conduct threat analysis and targeted threat hunting, identifying indicators of compromise, validating detections, and surfacing control gaps or improvement opportunities.
• Translate threat intelligence into actionable investigative steps, detection feedback, and response recommendations.
• Support exposure and vulnerability response activities by validating exploitability, assisting with risk-based prioritization, and tracking remediation or exception outcomes.
• Ensure high-quality documentation and evidence handling to support audits, customer inquiries, and regulatory obligations, particularly for regulated environments.
• Contribute to continuous improvement by providing feedback on detections, false positives, playbooks, and operational workflows.
• Participate in simulations, tabletop exercises, and after-action reviews, incorporating lessons learned into day-to-day execution.

1. Follow RBS-aligned standard work, including runbooks, playbooks, checklists, and tooling, to ensure consistent, repeatable, and auditable operations.

• Partner with Cyber Defense Engineering to improve detection coverage and fidelity across endpoint, identity, cloud, SaaS, email, and network telemetry, including tuning to reduce false positives and increase high confidence detections.
• Execute threat hunts focused on both security and resilience, identifying control gaps, validating defensive assumptions, and improving readiness for high impact scenarios.

Qualifications

• Bachelor's degree recommended; equivalent practical experience considered.
• 3–6+ years of experience in security operations, incident response, or cyber defense roles.
• Demonstrated hands-on experience investigating security alerts and incidents across endpoint, identity, cloud, SaaS, email, and network domains.
• Experience supporting regulated or customer-driven security environments; familiarity with CMMC and NIST SP 800‑171 expectations is preferred.
• Practical experience with DLP investigation and response workflows, including handling sensitive data loss scenarios with discretion and defensible documentation.
• Practical experience in managing and operating a SIEM solution – from ingest to reporting.
• Working knowledge of threat intelligence consumption and basic threat hunting techniques.
• Experience collaborating with infrastructure, cloud, identity, and application teams during incident response or remediation activities.
• Strong written and verbal communication skills, with the ability to clearly document technical findings and explain risk and impact.
• Ability to operate effectively in a global, multi-time-zone environment while maintaining consistency with enterprise standards.
• Alignment with Ralliant values and the Ralliant Business System (RBS), including ownership, transparency, and continuous improvement.

About Us

Ralliant Corporation Overview

Ralliant, originally part of Fortive, now stands as a bold, independent public company driving innovation at the forefront of precision technology. With a global footprint and a legacy of excellence, we empower engineers to bring next-generation breakthroughs to life — faster, smarter, and more reliably. Our high-performance instruments, sensors, and subsystems fuel mission-critical advancements across industries, enabling real-world impact where it matters most. At Ralliant we're building the future, together with those driven to push boundaries, solve complex problems, and leave a lasting mark on the world.

About the Team

About Ralliant Ralliant, originally part of Fortive, now stands as a bold, independent public company driving innovation at the forefront of precision technology. With a global footprint and a legacy of excellence, we empower engineers to bring next-generation breakthroughs to life — faster, smarter, and more reliably. Our high-performance instruments, sensors, and subsystems fuel mission-critical advancements across industries, enabling real-world impact where it matters most. At Ralliant we're building the future, together with those driven to push boundaries, solve complex problems, and leave a lasting mark on the world. We Are an Equal Opportunity Employer Ralliant Corporation and all Ralliant Companies are proud to be equal opportunity employers. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity or expression, or other characteristics protected by law. Ralliant and all Ralliant Companies are also committed to providing reasonable accommodations for applicants with disabilities. Individuals who need a reasonable accommodation because of a disability for any part of the employment application process, please contact us at View email address on click.appcast.io.

Job Info

• Job Identification 9376
• Job Category Information Security
• Apply Before 07/13/2026, 12:00 AM
• Job Schedule Full time
• Locations 14150 SW Karl Braun Drive, Beaverton, OR, 97077, US 4114 Center at North Hills St. Suite 400, Raleigh, NC, 27609, US (Hybrid)