
The Cybersecurity Analyst is responsible for monitoring, documenting, and supporting the cybersecurity posture of the client's IT and OT environments. This role focuses on reviewing and analyzing security alerts, identifying vulnerabilities, maintaining cybersecurity configurations, and escalating potential threats or incidents to senior team members. The analyst uses data from multiple cyber defense tools (e.g., SIEM, IDS/IPS, firewalls, network traffic logs) to detect, analyze, and mitigate cybersecurity threats across corporate and operational technology networks.
Essential Duties & Responsibilities
Monitor, detect, identify, and alert on potential cyberattacks, intrusions, anomalous activity, and misuse events
Analyze alerts and logs to distinguish malicious activity from normal system behavior
Support protection of corporate and operational networks through continuous monitoring and analysis
Analyze logs, packets, and security messages from various systems and applications
Identify adversary tactics, techniques, and procedures (TTPs)
Identify, document, and help remediate gaps in the organization's cybersecurity posture
Test systems for vulnerabilities and support vulnerability management initiatives
Document and escalate incidents in accordance with established procedures
Respond to urgent cybersecurity events and incidents, including after-hours support as needed
Review incidents to determine root cause and operational impact
Monitor external threats and hostile content directed toward organizational or partner interests
Recommend procedural improvements to support strong cyber hygiene
Prepare threat briefings, situational updates, and threat activity reports
Track and report on adversarial activity across enterprise environments
Environment & Technical Focus
Corporate IT network supporting internet access, routing, security policies, and user access
Operational Technology (OT) environments supporting building systems such as:
HVAC, lighting, and electrical systems
Access control and CCTV
Building automation and scheduling systems
Medium-sized, distributed campus environment with fiber-optic infrastructure
Multiple building environments, each operating as an isolated network within a single domain
Exposure to log collection, remote troubleshooting, and system monitoring across both IT and OT systems
Education & Required Experience
Associate's or Bachelor's degree in business, technology, or a related field preferred
3-5 years of experience in IT security or cybersecurity
Experience with SIEM platforms, IDS, and IPS technologies
Experience working with logs, network packets, and security event data
Basic scripting skills (Python, PowerShell, Bash)
Experience with vulnerability management and testing
Experience with network packet analysis
Experience with log analysis and log management
Experience with cloud security management interfaces
Experience with enterprise authentication systems (e.g., Active Directory, IAM platforms)
Incident handling and response experience preferred
Working knowledge of:
Core cybersecurity concepts (CIA triad, encryption, risk management)
Networking protocols and traffic flow
Cybersecurity threats, vulnerabilities, and threat hunting
Cybersecurity laws and regulations
Familiarity with security frameworks such as NIST and MITRE ATT&CK preferred
Understanding of differences between IT and OT network environments
Experience working on project teams; project management exposure preferred
Intermediate understanding of threat intelligence research and methodologies
Familiarity with adversarial TTPs