Role Description The Cybersecurity Analyst I (Tier 1 SOC Analyst) is responsible for monitoring, triaging, and responding to security alerts across enterprise environments. This role serves as the first line of defense within the SOC, supporting incident detection, initial investigation, and escalation while maintaining high-quality documentation and response standards. The analyst will work with SIEM, EDR, and cloud security tools to identify potential threats, reduce false positives, and support the organization’s overall cybersecurity posture. Key Responsibilities - Monitor security alerts using tools such as Microsoft Sentinel, Splunk, and Microsoft Defender for Endpoint - Perform initial triage and analysis of alerts (phishing, malware, suspicious login activity, endpoint detections) - Investigate alerts using endpoint, network, and cloud logs - Escalate confirmed or complex incidents to Tier 2/3 teams - Create and update incident tickets in ServiceNow or similar platforms - Follow incident response procedures aligned with NIST SP 800-61 - Document findings, actions taken, and outcomes clearly and accurately - Support detection tuning by identifying false positives and recurring alert patterns - Participate in shift handoffs and maintain situational awareness of ongoing incidents Company Description

Role Description The Applications Analyst III supervises and provides technical guidance to the staff in the development of specifications for new or revised systems. Qualifications - Experience in supervising and providing technical guidance. - Ability to develop specifications for new or revised systems. Requirements - Strong analytical and problem-solving skills. - Excellent communication and interpersonal skills. - Proficiency in relevant software and tools. Benefits - Comprehensive health care solutions. - Opportunities for professional growth and development. - Supportive and inclusive workplace environment. Company Description The Mount Sinai Health System is one of the largest academic medical systems in the New York metro area, with more than 48,000 employees working across eight hospitals, more than 400 outpatient practices, and more than 300 labs. - Advances health for all people by tackling complex healthcare challenges. - Integrates hospitals, labs, and schools for comprehensive healthcare solutions. - Ranked highly in various specialties by U.S. News & World Report. - Committed to fostering an environment of respect and support for all.

Are you ready to move beyond "check-the-box" compliance? We are looking for a Security Governance Analyst to help us bridge the gap between complex security requirements and real-world execution. Based in our Prague office, you will be a key player in our Trust, Risk, & Compliance (TRC) team, helping Rapid7 maintain its reputation for transparency and security across the EMEA and APAC regions. This isn't a role for a spectator. We need a practitioner who is eager to dive into our technical stack, partner with engineering teams, and ensure that security is built into the way we work-not bolted on at the end. About the Team Rapid7's Trust & Governance team doesn't just write policies; we build trust. We operate at the intersection of technical excellence and business enablement. We partner deeply with InfoSec, Legal, and Engineering to ensure our security posture is resilient, compliant, and-most importantly-transparent to our customers. We're a team that values "Impact Together," meaning we win as a herd (or as we call ourselves, the Moose). About the Role As a Security Governance Analyst, you are the engine that keeps our compliance initiatives moving. You aren't just following a checklist; you are identifying gaps, flagging risks early, and helping us evolve. You will operate with a healthy mix of independence and collaboration, knowing exactly when to run with a project and when to pull in an expert. In this role, you will: - Drive Consistent Outcomes: Execute TRC deliverables within SLAs, ensuring our compliance programs run predictably and with high quality. - Bridge the Technical Gap: Act as the "SME-in-the-middle," translating complex auditor requirements into actionable steps for our internal teams. - Navigate the Gray Areas: Proactively spot delays or deviations in project scope. You don't just report problems; you help us pivot toward solutions. - Support the Audit Lifecycle: Assist in evaluating the design and effectiveness of our controls, helping us find smarter, more efficient ways to stay secure. - Influence the Culture: Help our peers understand the "why" behind security controls, fostering a culture where security is everyone's business. The skills and qualities you will bring include: We aren't looking for a perfect resume; we're looking for the right mindset. You should bring a mix of foundational GRC knowledge and the "Never Done" curiosity to keep learning. - Experience: 2+ years in information security, IT audit, or a related compliance field. You've seen how audits work and you're ready to take the next step. - Foundational Toolkit: Familiarity with frameworks like ISO 27001, SOC2, or NIST CSF. You understand how these requirements live and breathe in a cloud-first environment. - Strategic Doing: You think big but act small-breaking down massive compliance goals into clear, time-bound milestones. - Clear Communication: You can explain a technical risk to a non-technical stakeholder without losing the "why." - Accountability: You own your outcomes. If a deadline is at risk, you're the first to flag it and suggest a path forward. - Collaborative Mindset: You treat other teams as partners, not obstacles. You seek to understand their workflows before asking them to change. - The "Fail Fast" Mentality: You're open to feedback and eager to learn from mistakes to accelerate your impact. - AI-Driven Curiosity: You are naturally inquisitive and always looking for a smarter way to work. You have a genuine interest in exploring and leveraging AI tools to automate workflows, streamline compliance, and stay ahead of the curve. - Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. Typical Minimum Requirements - A Bachelor's degree and a minimum of 2 years of related experience. - Fluency in English; strong written and verbal communication skills are essential for regional stakeholder management. We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today. #LI-SIM About Rapid7 At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we' ve been doing for the past 20 years. If you 're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.

• Monitor and investigate alerts across SIEM, XDR, IDS/IPS, and email security tools. • Own incident response end-to-end: triage, containment, RCA, and reporting. • Improve and maintain IR playbooks and runbooks. • Run hypothesis-based threat hunts using TTPs, IOCs, and behavioral patterns. • Bring OSINT and threat intel insights into daily SOC workflows. • Monitor the dark web for leaked credentials and data exposure. • Build and tune high-quality detections using MITRE ATT&CK. • Enhance SIEM dashboards, correlation rules, and SOAR automations. • Reduce false positives and improve SOC efficiency. • Analyze network traffic, packet captures, and protocol behaviors. • Investigate phishing attempts and strengthen email security. • Onboard/validate log sources and ensure telemetry completeness. • Purple teaming to validate detections and test defenses.