A Senior Security Analyst is responsible for safeguarding an organization’s computer systems and networks against cyber threats. This role involves identifying vulnerabilities, monitoring for suspicious activities, and implementing robust security measures to protect sensitive data and infrastructure.

Key Responsibilities:

Security Monitoring & Incident Response

• Monitor and analyze security alerts from SIEM, EDR, IDS/IPS, firewalls, and other security tools.
• Investigate and triage security incidents to assess their scope and impact, and determine the appropriate remediation.
• Lead incident response efforts, including containment, eradication, recovery, and root cause analysis.
• Maintain and improve incident response processes and documentation.

Threat Hunting & Intelligence

• Perform proactive threat-hunting to uncover hidden threats within the environment.
• Analyze threat intelligence feeds and apply insights to strengthen detection capabilities.
• Develop and maintain custom use cases, detection rules, and correlation searches in SIEM platforms.

Forensics & Malware Analysis

• Conduct forensic investigations on memory, disk, and network artifacts.
• Analyze malware behavior and, when necessary, reverse-engineer malicious code.
• Collaborate with relevant teams to isolate affected systems and prevent recurrence.

Security Automation & Optimization

• Design and enhance security playbooks and scripts to streamline operations.
• Leverage SOAR tools to automate routine tasks and incident response workflows.
• Identify opportunities to optimize SOC (Security Operations Center) processes and reduce alert fatigue.

Compliance & Reporting

• Ensure adherence to industry security frameworks such as MITRE ATT&CK, MITRE D3FEND, and NIST.
• Document incidents, investigation results, and post-incident improvements.
• Assist in compliance audits, risk assessments, and internal/external reporting.

Required Skills & Qualifications:

Experience

• Minimum 5 years of hands-on experience in SOC operations, cybersecurity, or incident response.
• Proven experience with tools such as SIEM (e.g., Splunk, ELK), EDR solutions, IDS/IPS, and firewalls.

Technical Skills

• Deep understanding of network protocols, operating systems (Windows & Linux), and cybersecurity architectures.
• Proficiency in log analysis, threat intelligence, and understanding of attacker techniques (MITRE ATT&CK, D3FEND).
• Hands-on experience with scripting languages such as Python, PowerShell, or Bash.
• Familiarity with security automation, playbook development, and SOAR platforms.
• Strong knowledge of cloud and container security (e.g., Azure, Kubernetes, Docker).
• Understanding of application security principles and vulnerability management.