Job Details

Cyber74, the strongest element in cybersecurity. We're an advanced Managed Security Services Provider (MSSP) serving small and medium sized businesses across North America. We deliver a best-in-class advanced security program with common sense and clarity. Offering over 50 types of comprehensive cybersecurity protection, we partner with organizations to elevate their entire security standing and IT infrastructure - ensuring they're protected from today's most sophisticated cybersecurity threats. What makes us different and why is this the right team for you? Find out. (Please note: Every application submitted through Workday is reviewed by a real person, not an AI. We value your time and take each submission seriously.)

Summary

The Security Analyst II - SOC & SIEM Engineering at Cyber74 provides elevated Security Operations Center (SOC) support with a strong emphasis on advanced alert analysis, incident investigation, SIEM administration, and detection engineering. This role goes beyond traditional alert triage and includes SIEM content development, tuning, log source onboarding, and proactive detection improvement across client environments.

Security Analysts II play a key role in strengthening Cyber74's detection capabilities, supporting incident response efforts, and conducting guided threat-hunting activities to identify more advanced or evasive threats. The ideal candidate demonstrates strong investigative instincts, technical curiosity, and the ability to improve security outcomes through thoughtful analysis and collaboration.

SOC Operations & Threat Analysis

• Review, analyze, and correlate SIEM alerts to determine true positives, false positives, and appropriate response actions.
• Perform advanced SOC operations, including monitoring, investigation, reporting, and response to suspicious or malicious activity.
• Conduct deeper incident investigations using SIEM, EDR, and other security telemetry.
• Analyze phishing emails for malicious indicators and provide remediation recommendations.
• Review and respond to alerts from automated security tools and monitoring platforms.
• Conduct threat research on emerging threats, attacker techniques, and vulnerabilities.
• Perform recurring health checks on security tooling and validate alignment with expected configurations.
• Maintain and enhance standard operating procedures (SOPs); create and update documentation as processes evolve.
• Prepare investigation summaries and reports for internal stakeholders and clients.
• Conduct vulnerability analysis and assist with security remediation recommendations.
• Manage and prioritize multiple client environments, investigations, and projects concurrently.
• Participate in an on-call or standby rotation as required.
• Participate in guided threat-hunting exercises using SIEM and EDR telemetry.
• Conduct hypothesis-driven investigations to identify abnormal or suspicious behavior.
• Leverage threat intelligence to enhance detections and hunting activities.
• Assist in identifying advanced, persistent, or evasive threats not caught by automated alerts.
• Document findings and recommend detection or process improvements based on hunt outcomes.

SIEM Engineering & Detection Development

• Assist with SIEM deployments and client onboarding activities.
• Ingest, parse, and normalize logs from new data sources into the SIEM and associated platforms.
• Develop, tune, and optimize SIEM detection rules to reduce alert noise and improve fidelity.
• Write and modify SIEM queries (e.g., KQL, SPL, SQL, Lucene) to support investigations and detections.
• Build dashboards, correlation rules, and use cases tailored to specific client environments.
• Identify logging gaps and recommend improvements to increase detection coverage.
• Validate detections using real-world attack techniques, threat intelligence, and historical data.
• Map detections and investigations to MITRE ATT&CK techniques and tactics.
• Collaborate with SOC and engineering teams to continuously improve detection logic and alert quality.

Required Experience

• 2+ years of hands-on experience in an L2 SOC, incident response, detection engineering, or SIEM administration role.
• 3-5 years of combined experience across cybersecurity and/or IT disciplines.
• Demonstrated experience performing deeper-level investigations beyond basic alert triage.
• Experience contributing to detection improvements, tuning, or content development.
• Strong understanding of SIEM concepts, log ingestion, parsing, and data normalization.
• Familiarity with Windows and Linux logging fundamentals.
• Experience working with security tools such as SIEM, EDR, DNS filtering, email security, and identity security platforms.
• Ability to manage multiple priorities in a fast-paced, client-facing environment.
• Expected Salary to begin at $76,000 annually.

Preferred Experience

• Experience in a multi-tenant SOC, MSSP, or MDR environment.
• Familiarity with MITRE ATT&CK, TTP-based investigations, and threat intelligence.
• Exposure to basic scripting (PowerShell and/or Python) for analysis or automation.
• Understanding of false-positive reduction and detection validation techniques.
• Ability to clearly communicate technical findings to non-technical stakeholders.

Preferred Certifications

• CompTIA Security+
• Blue Team Level 1 / Level 2
• eLearnSecurity Junior Penetration Tester (eJPT)
• GIAC Foundational Cybersecurity Technologies (GFACT)
• Microsoft's AZ-900, SC-900, MS-900

*A candidate with partial or equivalent certifications is welcome to apply.

Preferred Attributes

• Highly motivated and eager to grow within offensive security.
• Highly organized and process-driven
• Affinity for technology
• Strong integrity with the ability to work in a highly confidential manner
• Collaborative and flexible with a consultative mindset
• Precise and detailed, delivering consistently high-quality results
• Comfortable in a balance of tactical and strategic focus
• Servant-hearted with a focus on improving the lives of our customers in every action and interaction

Cyber74, a New Charter Company, is committed to creating an inclusive environment and is proud to be an equal opportunity employer. Cyber74 recruits, employs, trains, compensates, and promotes regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status