[Remote] Security Analyst

Note: The job is a remote job and is open to candidates in USA. Criterion Systems, a Cherokee Federal company, is seeking a motivated Security Analyst to support cybersecurity operations in a federal environment. The selected candidate will perform hands-on detection, analysis, investigation, threat hunting, and incident response activities while helping strengthen the organization's security posture.

Responsibilities

• Monitor and analyze security events utilizing Splunk Enterprise Security (ES)
• Build, maintain, and tune Splunk searches, correlation rules, alerts, and dashboards
• Conduct incident response activities from detection through containment, eradication, recovery, and closure
• Investigate endpoint security incidents utilizing Microsoft Defender for Endpoint
• Perform endpoint policy management and incident investigations
• Assess AWS cloud security telemetry utilizing GuardDuty, Security Hub, and related cloud security services
• Identify threats, vulnerabilities, suspicious activity, and cloud misconfigurations
• Execute alert triage, incident scoping, and escalation activities according to established playbooks
• Recommend updates and improvements to operational procedures and incident response playbooks
• Support threat hunting activities and detection engineering initiatives aligned to MITRE ATT&CK methodologies
• Perform phishing investigations, alert enrichment, and forensic review activities
• Conduct root cause analysis and document corrective actions following security incidents
• Track incidents and operational tasks utilizing case management systems
• Participate in tabletop exercises and operational readiness activities
• Collaborate with Security Operations teams, Incident Response personnel, and federal stakeholders
• Prepare reports and communicate findings to technical and non-technical audiences
• Perform other job-related duties as assigned

Skills

• This position requires an active Public Trust clearance or the ability to obtain and maintain one
• Three (3) to five (5) years of experience in cybersecurity operations, SOC analysis, incident response, or related security disciplines
• Demonstrated hands-on experience with Splunk Enterprise Security, including search development, dashboard creation, and correlation rule tuning
• Experience utilizing Microsoft Defender for Endpoint for security investigations and policy management
• Working knowledge of AWS cloud security technologies, including GuardDuty, Security Hub, or equivalent tools
• Proven experience managing incidents through the complete incident response lifecycle
• Working knowledge of MITRE ATT&CK framework and common threat actor tactics, techniques, and procedures
• Familiarity with incident response methodologies and frameworks such as NIST 800-61
• Strong analytical, investigative, and problem-solving capabilities
• Excellent written and verbal communication skills
• Experience supporting federal government customers or highly regulated environments
• Ability to work independently while collaborating effectively with cross-functional teams
• Experience with Security Orchestration, Automation, and Response (SOAR) platforms
• Experience developing automation scripts utilizing Python, PowerShell, or similar technologies
• Familiarity with FISMA, FedRAMP, CMMC, or other federal cybersecurity compliance frameworks
• Experience with Network Detection and Response (NDR) technologies
• Exposure to packet capture analysis and network forensics platforms
• Knowledge of malware analysis methodologies and digital forensics fundamentals
• Industry certifications such as Security+, CySA+, GCIH, GCIA, CEH, or equivalent

Benefits

• Medical
• Dental
• Vision
• 401(k)
• Paid Time Off
• Life Insurance
• Disability Coverage

Company Overview