[Remote] Security Analyst
Note: This job is remote and open to candidates in the USA.
Criterion Systems, a Cherokee Federal company, is seeking a motivated Security Analyst to support cybersecurity operations in a federal environment. The selected candidate will perform hands-on detection, analysis, investigation, threat hunting, and incident response activities while helping strengthen the organization's security posture.
Responsibilities
- Monitor and analyze security events utilizing Splunk Enterprise Security (ES)
- Build, maintain, and tune Splunk searches, correlation rules, alerts, and dashboards
- Conduct incident response activities from detection through containment, eradication, recovery, and closure
- Investigate endpoint security incidents utilizing Microsoft Defender for Endpoint
- Perform endpoint policy management and incident investigations
- Assess AWS cloud security telemetry utilizing GuardDuty, Security Hub, and related cloud security services
- Identify threats, vulnerabilities, suspicious activity, and cloud misconfigurations
- Execute alert triage, incident scoping, and escalation activities according to established playbooks
- Recommend updates and improvements to operational procedures and incident response playbooks
- Support threat hunting activities and detection engineering initiatives aligned to MITRE ATT&CK methodologies
- Perform phishing investigations, alert enrichment, and forensic review activities
- Conduct root cause analysis and document corrective actions following security incidents
- Track incidents and operational tasks utilizing case management systems
- Participate in tabletop exercises and operational readiness activities
- Collaborate with Security Operations teams, Incident Response personnel, and federal stakeholders
- Prepare reports and communicate findings to technical and non-technical audiences
- Perform other job-related duties as assigned
Skills
- This position requires an active Public Trust clearance or the ability to obtain and maintain one
- Three (3) to five (5) years of experience in cybersecurity operations, SOC analysis, incident response, or related security disciplines
- Demonstrated hands-on experience with Splunk Enterprise Security, including search development, dashboard creation, and correlation rule tuning
- Experience utilizing Microsoft Defender for Endpoint for security investigations and policy management
- Working knowledge of AWS cloud security technologies, including GuardDuty, Security Hub, or equivalent tools
- Proven experience managing incidents through the complete incident response lifecycle
- Working knowledge of MITRE ATT&CK framework and common threat actor tactics, techniques, and procedures
- Familiarity with incident response methodologies and frameworks such as NIST 800-61
- Strong analytical, investigative, and problem-solving capabilities
- Excellent written and verbal communication skills
- Experience supporting federal government customers or highly regulated environments
- Ability to work independently while collaborating effectively with cross-functional teams
- Experience with Security Orchestration, Automation, and Response (SOAR) platforms
- Experience developing automation scripts utilizing Python, PowerShell, or similar technologies
- Familiarity with FISMA, FedRAMP, CMMC, or other federal cybersecurity compliance frameworks
- Experience with Network Detection and Response (NDR) technologies
- Exposure to packet capture analysis and network forensics platforms
- Knowledge of malware analysis methodologies and digital forensics fundamentals
- Industry certifications such as Security+, CySA+, GCIH, GCIA, CEH, or equivalent
Benefits
- Medical
- Dental
- Vision
- 401(k)
- Paid Time Off
- Life Insurance
- Disability Coverage
Company Overview