Empowering all teams to deliver and control their software.
Security Analyst – Governance, Risk, and Compliance
Location
United States
Posted
2 days ago
Salary
$116K - $187.7K / year
Seniority
Senior
Job Description
LaunchDarkly
- Collaborate with stakeholders to design and operate security controls that comprise the LaunchDarkly GRC program
- Use technology to automate compliance activities like gathering evidence and verifying controls
- Operationalize the health and maturity of the program by tracking metrics based on quantitative and qualitative data
- Drive progress towards results for GRC-related continuous improvement projects
- Contribute to documentation for security standards, policies, and processes
- Support audits and assessments with internal and external stakeholders
- Work with product and infrastructure delivery teams on engineering projects related to GRC requirements
Job Requirements
- Deep cybersecurity, privacy, and risk management knowledge and skill
- Excellent communication skills - written and verbal
- Experience working on collaborative projects
- Depth with modern cloud-based SaaS organizations - specifically AWS control environments
- Information security experience at an organization with significant compliance requirements
- Strong familiarity with security standards (SOC 2, ISO 27001, ISO 27701, FedRAMP) as well as privacy laws (CCPA and GDPR)
- Familiarity with LaunchDarkly’s collaboration tools like Confluence, Slack, and GitHub
Benefits
- Restricted Stock Units (RSUs)
- Health, vision, and dental insurance
- Mental health benefits
More Security Analyst Jobs
- Perform a comprehensive cybersecurity risk assessment and deliver a prioritized remediation plan.
- Design and implement the organization's overall security strategy and roadmap.
- Establish security monitoring, incident response, and threat detection processes.
- Lead and mature Microsoft 365 and Azure security posture (Defender, Entra ID, Sentinel, Purview).
- Own SOC 1 and SOC 2 compliance readiness and audit preparation.
- Define and enforce IAM policies, MFA standards, and Zero Trust principles.
- Develop and maintain security policies, standards, and documentation.
- Evaluate and manage third-party vendors and SaaS platform security risks.
- Oversee vulnerability management: assessments, tracking, prioritization, and remediation coordination.
- Lead incident response, including coordination with MSPs, infrastructure teams, and leadership.
- Establish security awareness programs and build a security-conscious culture.
- Manage and mentor the Cybersecurity Analyst, providing technical direction and growth opportunities.
- Report cybersecurity risks and program status to senior leadership.
- Evaluate and recommend security tools and technologies.
Senior SOC Analyst
ECS Tech Inc
All candidates must meet the following criteria: Must be a US Citizen, no dual Citizenships. Must be able to secure a Public trust clearance. Must be able to work across multiple programs across the Federal and DOD space. The core values that ECS looks for in an engagement manager include: Teamwork, Respect, Accountability, Integrity, and Leadership.
Role Description
The Senior SOC Analyst is responsible for advanced security monitoring, investigation, and incident response activities within the Everforth Security Operations Center (SOC). This role serves as a senior technical resource within the analyst team, responsible for leading complex investigations, mentoring junior analysts, and ensuring high-quality incident analysis across enterprise environments. The Senior SOC Analyst plays a critical role in identifying sophisticated threats, escalating security incidents, and improving SOC investigative capabilities. This role reports to the SOC Manager and works closely with the Security Engineering team, enterprise IT operations teams, and the Everforth Commercial MSSP to ensure effective monitoring, investigation, and response across the enterprise.
Responsibilities
- Advanced Threat Investigation: Conduct in-depth analysis of complex security alerts, anomalies, and potential threat activity across enterprise environments.
- Incident Response Support: Lead investigation and response activities for confirmed or suspected cybersecurity incidents affecting enterprise systems.
- Alert Triage and Escalation: Perform detailed triage of security alerts and escalate validated incidents according to established procedures.
- Investigation Leadership: Serve as the lead analyst during significant investigations, coordinating investigative efforts and guiding response activities.
- Threat Analysis: Analyze indicators of compromise, attacker behavior, and malicious artifacts to determine the scope and impact of security incidents.
- Detection Engineering: Develop and refine detection logic, analytics, and monitoring use cases based on investigative findings and threat intelligence.
- Threat Hunting: Conduct proactive threat hunting activities to identify adversary behavior not detected through automated alerts.
- MSSP Escalation Handling: Review and validate alerts and escalations originating from the MSSP after-hours monitoring team.
- Investigation Documentation: Ensure thorough documentation of investigations, findings, and response actions within the SOC case management platform.
- Operational Quality Assurance: Support the SOC Manager in maintaining investigation quality and adherence to SOC playbooks and procedures.
- Operational Effectiveness: Lead the design and implementation of SOC process improvements through automation, AI-driven solutions, workflow optimization, and continuous enhancement of detection and response capabilities.
- Operational Collaboration: Work closely with IT operations, infrastructure teams, and security engineering to support investigation and remediation activities.
- Knowledge Sharing: Mentor junior SOC analysts and provide guidance on investigative techniques, threat analysis, and incident handling procedures.
- Situational Awareness: Maintain awareness of emerging threats, attacker tactics, techniques, and procedures relevant to enterprise environments.
- Playbook Execution: Execute established SOC investigation playbooks and contribute to the refinement of operational procedures.
- On-Call Support: Participate in on-call support to assist with security incident response, operational issues, and investigation activities to maintain continuous SOC coverage and response capability.
Qualifications
- Experience: Minimum of 5 years of cybersecurity experience, with at least 3 years in a Security Operations Center or incident response role.
- Security Investigation Expertise: Strong experience investigating security alerts, analyzing suspicious activity, and determining the scope and impact of security incidents.
- Incident Response Experience: Hands-on experience supporting incident response investigations including containment, eradication, and recovery coordination.
- Security Technology Experience: Experience working with enterprise security tools such as SIEM platforms, EDR platforms, and log analysis systems.
- Threat Analysis Skills: Ability to analyze indicators of compromise, attacker behaviors, and adversary techniques during investigations.
- Log Analysis Expertise: Strong experience reviewing and interpreting system logs, endpoint telemetry, network events, and authentication activity.
- Detection Engineering Experience: Experience developing or tuning detection rules, analytics, or monitoring logic used to identify malicious activity.
- Security Framework Knowledge: Familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework or CIS Critical Security Controls.
- Investigation Documentation: Experience documenting investigations, incidents, and response actions within case management platforms.
Requirements
- Able and willing to obtain a US Security Clearance.
- This role may require occasional on-call support during off-hours to respond to security incidents.
SOC Analyst
ECS Tech Inc
All candidates must meet the following criteria: Must be a US Citizen, no dual Citizenships. Must be able to secure a Public trust clearance. Must be able to work across multiple programs across the Federal and DOD space. The core values that ECS looks for in an engagement manager include: Teamwork, Respect, Accountability, Integrity, and Leadership.
Role Description
The SOC Analyst is responsible for enterprise security monitoring, alert investigation, and incident response activities within the Everforth Security Operations Center (SOC). This role supports the continuous monitoring of enterprise systems and security telemetry to identify potential threats and suspicious activity. SOC Analysts perform investigative analysis of security alerts, participate in incident response activities, and contribute to detection engineering efforts that improve the organization's ability to detect malicious activity. This role reports to the SOC Manager and works closely with Senior SOC Analysts, the Security Engineering team, enterprise IT operations teams, and the MSSP to ensure effective monitoring, investigation, and response across the enterprise environment.
Responsibilities
- Security Monitoring: Monitor enterprise security telemetry and alerts generated by security platforms to identify potential threats or suspicious activity.
- Alert Investigation: Conduct investigations of security alerts to determine legitimacy, scope, and potential impact to enterprise systems.
- Incident Detection: Identify indicators of compromise, malicious behavior, and suspicious activity within enterprise environments.
- Incident Response Support: Support investigation and response activities during confirmed or suspected cybersecurity incidents.
- Threat Analysis: Analyze security telemetry, logs, and alerts to determine attacker behavior, indicators of compromise, and potential attack vectors.
- Detection Engineering Support: Contribute to the development and refinement of detection rules and monitoring analytics based on investigation findings.
- Threat Hunting: Participate in proactive threat hunting activities to identify adversary behavior that may not be detected through automated monitoring.
- MSSP Escalation Review: Review and investigate alerts escalated by the MSSP after-hours monitoring team.
- Investigation Documentation: Document investigations, findings, and response actions within the SOC case management platform.
- Operational Effectiveness: Contributes to SOC process improvements by supporting automation efforts, implementing AI-assisted workflows, identifying efficiency opportunities, and helping enhance detection and response operations.
- Playbook Execution: Execute SOC operational playbooks and investigation procedures during alert triage and incident response.
- Operational Collaboration: Work closely with IT operations, infrastructure teams, and security engineering to support investigation and remediation activities.
- Continuous Improvement: Identify opportunities to improve monitoring coverage, investigation processes, and detection capabilities.
- On-Call Support: Participate in on-call support to assist with security incident response, operational issues, and investigation activities to maintain continuous SOC coverage and response capability.
Qualifications
- Minimum of 3–5 years of cybersecurity experience, with experience in security operations, threat monitoring, or incident response environments.
- Experience monitoring security alerts and investigating suspicious activity using enterprise security tools.
- Ability to analyze security alerts, logs, and telemetry to determine potential malicious activity.
- Experience working with enterprise security tools such as SIEM platforms, endpoint detection and response (EDR), and log analysis tools.
- Experience reviewing system logs, authentication activity, endpoint telemetry, and network security events.
- Understanding of basic incident response processes and investigation workflows.
- Familiarity with common attacker techniques and indicators of compromise.
- Familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework or CIS Critical Security Controls.
- Experience documenting investigations and response actions in case management platforms.
Requirements
- Able and willing to obtain a US Security Clearance.
- This role may require occasional on-call support during off-hours to respond to security incidents.
Information Security Analyst – 1-Year Contract
Numeris
Canada's most trusted and authoritative source for broadcast measurement and consumer behavior data.
- Monitoring Security Systems: Continuously monitor various security systems, including firewalls, intrusion detection systems, antivirus software, and others, to promptly detect and respond to any security incidents.
- Security Incident Response: Take the lead in investigating security breaches and incidents, pinpointing their root causes, and developing strategies to prevent similar occurrences in the future. Collaborate closely with IT and business teams to ensure coordinated and effective response efforts.
- Vulnerability Management: Identify and assess vulnerabilities present in systems and networks, collaborating with technical teams to mitigate risks through patch management and configuration changes. Thoroughly document findings and facilitate clear communication across teams to promptly address security weaknesses.
- Security Policy Enforcement: Ensure the enforcement of robust security controls, policies, and procedures throughout the organization, guaranteeing compliance with relevant regulations, standards, and best practices.
- Security Awareness Training: Support and contribute to security awareness initiatives and trainings aimed at educating employees on the best practices for maintaining information security, fostering a culture of security consciousness within the organization.
- Security Risk and Vendor Assessments: Conduct comprehensive assessments of security risks and evaluate third-party vendor security measures to gauge the effectiveness of existing security controls and identify areas for enhancement.
- Security Tool Evaluation: Assess and evaluate the suitability of new security tools and technologies to bolster the organization's overall security posture, ensuring that chosen solutions align with the organization's security objectives and requirements.
- Lead end-to-end incident response activities, including detection, triage, containment, eradication, and post-incident analysis.



