What You Will Do
The Cybersecurity Analyst at EXOS CYBER is the front line of our SOC, the first set of eyes on every alert that comes into our environment, responsible for fast, accurate triage, clean documentation, and timely escalation when something warrants deeper investigation. You will support day-to-day security operations for our clients with a primary focus on security monitoring, detection, and incident response, working alongside senior security engineers and incident responders. This is a hands-on, high-volume role designed for analysts with 2 to 6 years of experience who are ready to deepen their SOC skills while gaining broad exposure to a real-world MSSP detection-and-response stack across diverse client environments. You will help protect clients by identifying threats, responding to alerts, and continuously improving security posture.
Monitor and triage security alerts across multiple client environments using SIEM, EDR, email security, and cloud security tools
Validate and investigate common alert types, determine impact, and recommend or execute initial response actions based on runbooks
Escalate high-severity or complex incidents to senior responders with accurate context, evidence, and timelines
Perform incident response support activities, including containment guidance, indicator collection, and post-incident documentation
Analyze endpoint, identity, and network telemetry to identify suspicious activity, lateral movement, and persistence attempts
Conduct phishing triage and support email-based threat investigations, including user impact and remediation steps
Maintain thorough case notes, incident summaries, and client-ready communications in the ticketing or case management system
Assist with detection content improvements, including rule tuning, alert suppression, and use case enhancements to reduce false positives
Support vulnerability scanning programs by helping interpret results, tracking remediation, and coordinating follow-ups with client IT teams
Contribute to operational excellence by improving runbooks, investigation checklists, and repeatable workflows
What You Have Done
2 to 6 years of experience in a SOC, MSSP, or security operations focused role
Hands on experience investigating alerts from SIEM and EDR platforms and working cases end to end for routine incidents
Familiarity with common log sources such as Windows event logs, Active Directory, Azure AD or Entra ID, firewall, VPN, DNS, and email security logs
Experience triaging phishing, malware, suspicious authentication activity, and policy or misconfiguration-driven alerts
Working knowledge of incident response lifecycle, escalation criteria, and evidence preservation
Ability to prioritize effectively in a multi-client environment and manage multiple active cases without losing quality
Strong documentation habits with the ability to produce clear, client-ready updates and incident summaries
Solid fundamentals in TCP/IP, DNS, HTTP/S, Windows and Linux concepts, and identity and access management
Experience with ticketing systems and meeting SLAs for response, escalation, and customer communication
Relevant certifications such as CompTIA Security+, CySA+, Microsoft security fundamentals, or equivalent experience preferred
Associate or Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related discipline. Equivalent military training or certifications considered.
CompTIA CySA+, Blue Team Level 1 (BTL1), GIAC GSEC, or Microsoft SC-200.
Prior MSSP, MSP, or multi-tenant environment exposure.
Hands-on lab experience: TryHackMe, LetsDefend, Blue Team Labs, or home-lab portfolio.
Light scripting comfort (PowerShell or Python) for log parsing and host investigation.
Familiarity with the MITRE ATT&CK framework.