Cybersecurity Analyst II
What You Will Do
The Cybersecurity Analyst II at EXOS CYBER is the escalation point for the SOC. You take the alerts and tickets that Tier 1 cannot fully resolve, drive them to a confident answer, and pass anything beyond standard playbooks to the Cybersecurity Engineers and Team Lead with a clear recommendation. You will support day-to-day security operations for our clients with a primary focus on security monitoring, detection, and incident response, working alongside senior security engineers and incident responders.
Beyond the queue, you play a deliberate role in maturing the SOC by writing and refining playbooks, tuning detections in coordination with our Senior Engineer / Purple Team and AI Automation Engineer, and mentoring Tier 1. This is a hands-on, high-volume technical role designed for analysts with to 6 years of experience who are ready to deepen their SOC skills while gaining broad exposure to a real-world MSSP detection and response stack across diverse client environments.
Monitor and triage security alerts across multiple client environments using SIEM, EDR, email security, and cloud security tools. Validate and investigate common alert types, determine impact, and recommend or execute initial response actions based on runbooks.
Take ownership of escalated alerts and tickets, drive them through full investigation, and either resolve or escalate to engineering with a recommended action. Escalations to senior responders include accurate context, evidence, and timelines.
Run point on confirmed true positive incidents within scope, including containment via SentinelOne, account isolation in Entra ID, credential rotation guidance, evidence collection, post-incident documentation, and client communication.
Analyze endpoint, identity, and network telemetry to identify suspicious activity, lateral movement, and persistence attempts.
Conduct phishing triage and support email-based threat investigations, including user impact assessment and remediation steps.
Partner with the Senior Engineers / Purple Team and AI Automation Engineer to identify noisy alerts, tune rules in the SIEM and EDR, and reduce false positive load through alert suppression and use case enhancements.
Execute scheduled hunts against client environments using SDL queries, EDR telemetry, and indicators from CTI feeds. Document findings and feed results back into detection engineering.
Support vulnerability scanning programs by helping interpret results, tracking remediation, and coordinating follow-ups with client IT teams.
Review escalations, give kind and direct feedback, run weekly walk-throughs of recent investigations, and contribute to Tier 1 onboarding curriculum.
Maintain thorough case notes, incident summaries, and client-ready communications in the ticketing system. Author the analytical narrative for monthly client reports covering what we saw, what it means, and what we recommend.