• Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS
• Provide in depth analysis from escalated requests originating from Security Analyst 1
• Validate suspicious events by performing investigations using SIEM and SOAR technologies, leveraging Deepwatch proprietary tooling, intelligence and OSINT, TTPs and IOCs
• Identify gaps in customer environments, data ingested or configuration errors which reduce telemetry quality
• Work with customer and leadership to surface and resolve concerns
• Provide support to Security Analyst I including coaching and training as necessary
• Leverage your knowledge of Alert Triage, SOC Operations, and Defense in Depth (DiD) to contribute to projects for overall customer success
• Produce high-quality written and verbal communications, recommendations, and findings to customer management in a timely manner
• Surface opportunities for improvement in the squad and for the customer and be a change agent for measurably improving our customer security posture and experience
• Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program

Required Qualifications:

• Have a strong understanding of cyber security principles, concepts and practices including the ability to perform a complete and thorough incident investigation and triage with very limited support from Analyst III’s
• Know your way around SIEM platforms (Splunk preferred), how to perform queries and leverage various log sources to perform investigations
• Operate autonomously requiring minimal support on investigative actions
• Competency with in-depth header analysis, hashes and Windows/macOS/Linux logs
• Demonstrate the ability to pivot to other log sources, cloud systems or consoles to perform a comprehensive analysis from multiple data sources.
• Have a basic understanding of modern EDR, email security and cloud identity platforms
• Strong written and verbal communication skills including the ability to write well-written reports and analysis that’s thorough, accurate and complete.

Preferred Qualifications:

• Support Analyst I and learn from Analyst III when you need helping hand
• A desire to support others and uplift the program and team through updating training materials and SOPs
• Sec+, CySA, CEH, GSEC, or equivalent certification preferred

NA