Cyber Security Analyst (Tier 2) United States - Remote

Overview CyberSheath Services International LLC is a rapidly growing Security and IT Managed Services Provider primarily focused on providing Cybersecurity services to the Defense Industrial Base (DIB). We are expanding our staff and are looking to add a Cyber Security Analyst to our Security Operations team.

CyberSheath integrates compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve the security posture. Our professionals guide clients on where to invest and how to integrate existing efforts to deliver improved security.

Successful candidates are self-motivated, think out of the box, work, and solve issues independently. Our most successful people are self-starters and willing to wear many hats to succeed. CyberSheath is fast-growing and seeks candidates who want to be part of our upward trajectory.

CyberSheath is a fully remote organization, and this will be a work-from-home position.

Travel requirements: 0-5% yearly. Budgeted Pay Range: $70,000 - $100,000 USD.

Equal Opportunity Employer statement: CyberSheath is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, protected veteran status, or disability.

Job Overview The Cyber Security Analyst (Tier 2) is responsible for advanced security incident triage, investigation, and response across Microsoft 365, Azure, and on-premises infrastructure. Serves as the escalation point for complex security incidents while implementing containment and remediation procedures in hybrid environments.

Key Responsibilities Investigate and respond to escalated security incidents across Microsoft cloud and on-premises environments

Perform advanced incident analysis using Microsoft Defender suite and Azure Sentinel

Conduct security assessment of Azure/Microsoft 365 configurations and implement hardening recommendations

Analyze and respond to advanced Active Directory attacks (Kerberoasting, Pass-the-Hash, Golden Ticket)

Monitor and investigate Exchange Server logs, email flow patterns, and phishing campaigns

Analyze federation security including ADFS token-based attacks and SAML token manipulation

Configure and tune WAF/firewall rule sets and investigate related security incidents

Develop network segmentation strategies and identify lateral movement attempts

Develop and maintain incident response playbooks for various attack scenarios

Coordinate incident response activities with cross-functional teams

Required Qualifications 3-5 years in cybersecurity with 2+ years SOC experience

Deep knowledge of hybrid Microsoft environments (Microsoft 365, Azure, on-premises AD)

Experience with SIEM platforms and security monitoring tools

Strong analytical and communication skills

Microsoft Certified: Security Operations Analyst (SC-200)

One additional security certification: EC-Council CSA, CompTIA Security+, or similar

Preferred Qualifications Microsoft Certified: Azure Security Engineer (AZ-500)

Microsoft Certified: Identity and Access Administrator (SC-300)

CrowdStrike Certified Falcon Responder (CCFR) or equivalent EDR certification

CISSP, SSCP, CCSP

Skills & Expertise Strong Proficiency with Microsoft Defender suite (Endpoint, Office 365, Identity, Cloud Apps)

Azure Sentinel KQL query development and alert configuration

Azure AD/Entra ID security configuration and attack path analysis

Active Directory security assessment including GPOs, trust relationships, and delegation

Email security and phishing detection/response

Cloud security posture management

Incident handling and digital forensics

Threat intelligence analysis and implementation

#J-18808-Ljbffr CyberSheath Services International

Apply tot his job

Apply To this Job