Threat Analyst

• Investigate and triage escalated security alerts and incidents across endpoint, network, cloud, and identity environments within an MDR framework.


• Perform in-depth analysis to determine root cause, attack scope, adversary techniques, and overall impact of security incidents.


• Conduct malware and script analysis, including deobfuscation of suspicious code and identification of malicious behavior patterns.


• Support ransomware and advanced intrusion investigations, including credential abuse, persistence mechanisms, and lateral movement analysis.


• Carry out proactive threat hunting based on hypotheses and emerging threat intelligence.


• Correlate security data across EDR, SIEM, cloud logs, Windows, Linux, and identity systems to build complete incident narratives.


• Investigate authentication anomalies, privilege escalation, and potential identity compromise scenarios.


• Document findings clearly and provide actionable remediation and containment recommendations to clients and stakeholders.


• Contribute to detection engineering improvements and refinement of response playbooks based on investigation outcomes.


• Collaborate with senior analysts on high-severity incidents and participate in a 24/7 rotating on-call schedule.

Requirements:

• 4–6 years of experience in SOC, MDR, incident response, or cybersecurity operations roles.


• Strong experience investigating security alerts using EDR and SIEM platforms.


• Solid understanding of ransomware tactics, intrusion patterns, and adversary behaviors.


• Hands-on experience analyzing Windows and Linux systems, including logs, processes, and system artifacts.


• Experience deobfuscating scripts and analyzing malware behavior to identify malicious activity.


• Familiarity with MITRE ATT&CK framework and common adversary techniques.


• Ability to analyze Windows Event Logs, Linux logs, and Active Directory environments.


• Understanding of cloud and identity security investigations, including suspicious authentication and privilege misuse.


• Knowledge of network protocols (TCP/IP, DNS, HTTP/S) and traffic analysis techniques.


• Strong scripting skills, particularly PowerShell, with Python or similar language experience required.


• Excellent analytical, troubleshooting, and investigative documentation skills.


• Ability to manage multiple concurrent investigations in a fast-paced environment.


• Strong communication skills, both written and verbal.


• Security certifications (Security+, CySA+, GCIH, or equivalent) and a relevant degree are a plus.

Benefits:

• Competitive salary package aligned with experience


• Remote-first working model with flexibility depending on role requirements


• Opportunity to work on real-world, high-impact cybersecurity incidents globally


• Continuous learning and professional development in advanced threat detection and response


• Exposure to cutting-edge MDR, XDR, and threat intelligence technologies


• Inclusive, collaborative, and globally connected security operations environment


• Participation in wellbeing initiatives, wellness days, and employee engagement programs


• Career growth opportunities within a leading cybersecurity organization