via Indeed
$120K - 150K a year
Operate and improve security tools, investigate alerts, conduct threat hunting, and support incident response.
Requires 1-5+ years in cybersecurity with hands-on experience in security tools, scripting, and security frameworks.
The Cybersecurity Analyst strengthens endpoint, identity, and detection controls by operating and improving EDR, SIEM, vulnerability management, Azure Entra ID/Active Directory, and security awareness programs while supporting real-world investigations. This is a hands-on analyst role; compensation and scope reflect direct ownership and operation of security tools rather than a purely advisory or architectural function.

Duties and Responsibilities
• Monitor SIEM and EDR alerts, investigate and document findings, escalate per runbooks, and tune detections to reduce noise while maintaining coverage
• Perform root-cause analysis of incidents where applicable
• Conduct periodic threat hunting aligned with current attacker techniques
• Maintain EDR policies, agent health, and containment workflows, and coordinate remediation with IT operations
• Perform vulnerability scans, prioritize CVEs, drive patching or mitigations, track SLAs, and report risk trends
• Enforce MFA and Conditional Access, review privileged access, and support identity hardening and authentication policies
• Plan and execute phishing simulations and role-based security awareness training, reporting metrics and driving behavior improvement
• Develop SIEM analytics and playbooks, enrich detections, and support incident response and post-incident reviews
• Maintain procedures and evidence, support audit and risk activities, and contribute to the security policy lifecycle

Requirements

Education: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field preferred. Equivalent relevant work experience may be substituted.

Experience: 1–5+ years in cybersecurity or IT operations, or equivalent hands-on experience. Candidates are expected to be comfortable working directly in security tools; depth of responsibility will align with experience.

Preferred hands-on experience in several of the following areas:
• EDR policy management, investigations, and containment
• Alert triage, query development, dashboards, and runbooks
• Vulnerability scanning, prioritization, and remediation
• Azure Entra ID / Active Directory with MFA, Conditional Access, and privilege hygiene
• Cybersecurity awareness training and phishing campaigns with metrics reporting
• PowerShell: ability to read and modify basic scripts; advanced scripting a plus
• Familiarity with ticketing and change management
• Clear incident documentation and concise stakeholder updates
• Experience supporting audits or security questionnaires

Skills/Knowledge:
• Security tooling (transferable): SIEM (Microsoft Sentinel, Splunk, ConnectWise), EDR (CrowdStrike, SentinelOne, Microsoft Defender), vulnerability management (Tenable, Qualys), and security awareness platforms (KnowBe4)
• Working knowledge of security frameworks (NIST CSF, 800-53/800-171, CIS Controls)
• Azure and Microsoft 365 security fundamentals, detection tuning and automation using KQL and PowerShell
• Comfortable learning new tools and techniques while working on real investigations

Other:
• Separates signal from noise and uses data to justify tuning and remediation
• Drives incidents and vulnerabilities to closure with cross-functional teams
• Balances security controls with user experience and operational impact
• Translates technical risk for non-technical audiences
This job posting was last updated on 1/9/2026