Cybersecurity Analyst III

EXOS (formerly Sondhi Solutions)

Indianapolis, IN

JOB DETAILS
SKILLS
Analysis Skills, Artificial Intelligence (AI), Automation, Automation Engineering, CompTIA - Computing Technology Industry Association, Computer Science, Computer Security, Computer Telephony Integration (CTI), Consulting, Cost Control, Customer Escalations, Customer Relations, Customer Support/Service, DNS (Domain Name System), Documentation, Email Security, Engineering, Establish Priorities, Fire Suppression/Control, Firewalls, Forensic Science, GCFA - GIAC Certified Forensic Analyst, GCIA - GIAC Certified Intrusion Analyst, GCIH - GIAC Certified Incident Handler, GIAC - Global Information Assurance Certification, Gap Analysis, HTTP (HyperText Transport Protocol), Hunting, Identity Data Management, Incident Response, Information Technology & Information Systems, Information Technology Consulting, Insurance, Internet Security, Leadership, Legal, Linux Operating System, Machine Tool, Memory Hardware, Mentoring, Microsoft Active Directory, Microsoft Windows Operating System, Microsoft Windows System Internals/Programming, Onboarding, Phishing, Professional Services, Python Programming/Scripting Language, Quality Assurance, Quality Management, Quality Metrics, Ransomware, Root Cause Analysis, Scripting (Scripting Languages), Security Information and Event Management (SIEM), ServiceNow, Software Development, Splunk, Startup, Strategic Planning, TCP/IP (Transmission Control Protocol/Internet Protocol), Team Lead/Manager, Technical/Engineering Design, Telemetry, Track Customer Issues, VPN (Virtual Private Network), Vehicle Fleets, Vendor/Supplier Relations, Windows PowerShell, Writing Skills
LOCATION
Indianapolis, IN
POSTED
4 days ago

What You Will Do


The Cybersecurity Analyst III at EXOS CYBER is the senior technical escalation point of the SOC — the final analyst-tier authority on the hardest, most ambiguous investigations before a case moves into engineering. When Tier 2 has driven an alert as far as standard playbooks and queries allow and still doesn't have a confident answer, it comes to you. You own confirmed, significant incidents end to end across our client environments. You will support day-to-day security operations for our clients with a primary focus on advanced detection, incident response, and threat hunting, working alongside our Cybersecurity Engineers and Team Lead.


Beyond the queue, you set the bar for investigation quality across the SOC. You QA escalations, mentor and develop Tier 1 and Tier 2, build out the investigation curriculum, and partner with engineering on detection strategy at the program level, not just one noisy rule at a time. This is a hands-on, deeply technical role designed for analysts with 5+ years of experience (or 2+ years past Tier 2) who are ready to operate as the senior individual contributor in a real-world MSSP detection-and-response practice spanning diverse client environments.


  • Serve as the Tier 3 technical escalation point in the SOC. Take the incidents that Tier 2 cannot fully resolve, drive them to a definitive answer, and hand only genuinely engineering-scoped or architecture-level problems to the Cybersecurity Engineers and Team Lead with a clear, evidence-backed recommendation and a proposed course of action. 
  • Lead confirmed true-positive incidents end to end across client environments, including but not limited to ransomware, business email compromise, account takeover, lateral movement, and data exfiltration. This covers scoping and impact assessment, containment orchestration via SentinelOne, account isolation and credential rotation in Entra ID, eradication and recovery guidance, evidence preservation, root-cause analysis, and client communication through resolution.
  • Own and run the proactive threat hunting program: develop hypothesis-driven hunts across the client base using various queries, EDR telemetry, and indicators from CTI feeds; document findings; and feed confirmed patterns back into detection engineering as durable, reusable detections. 
  • Perform host, memory, and network forensics (Velociraptor, endpoint and identity artifacts, timeline reconstruction) to establish what happened, when, and how far it went, and to support breach-notification and legal/insurance coordination when an incident warrants it. 
  • Conduct phishing triage and support email-based threat investigations, including user impact assessment and remediation steps. 
  • Partner with the Cybersecurity Engineers and AI Automation Engineer on detection strategy at the program level: coverage and gap analysis against MITRE ATT&CK, detection content design, and false-positive reduction across the fleet rather than one-off alert tuning.
  • Apply offensive and adversary-emulation knowledge to inform detection coverage, and support purple team and adversary-emulation exercises by translating attacker TTPs into detections and validating that controls fire as expected. 
  • Analyze endpoint, identity, and network telemetry to identify suspicious activity, lateral movement, and persistence, and lead phishing and email-based threat investigations through full user-impact assessment and remediation. 
  • Set and enforce investigation quality standards: QA Tier 1 and Tier 2 escalations and case documentation, run walk-throughs of significant investigations, give kind and direct feedback, and own the Tier 1/Tier 2 onboarding and skills-development curriculum.
  • Author the analytical narrative for the most complex client deliverables, post-incident reports, after-action reviews, and the senior-analyst portion of monthly client reporting covering what we saw, what it means, and what we recommend, in language a client technical stakeholder can act on.
  • Drive SOC operational maturity by shaping runbook and playbook architecture, investigation checklists, and repeatable workflows, and by mentoring the team toward consistent, defensible outcomes.

Our Company

In 2009 EXOS established itself as an IT consulting and staff augmentation firm.  We specialize in focusing on what the client needs and adapting to how our client works.  Our number one goal is to deliver the RIGHT solution, with the RIGHT resource, for the RIGHT price at the RIGHT time.   


The Company has three areas of focus:


Professional Services and Consulting:  As a full-service IT consulting firm, we offer a wide array of services to adapt to our clients' businesses. No matter what is needed, we have a solution that fits.


Whether it be custom application development or providing highly specialized IT resources to run a project, we assist our clients to ensure their IT initiatives cross the finish line. 


Staffing: Our solutions foster stronger relationships with customers, suppliers, and partners, which greatly improve our clients' productivity, while reducing overall IT costs.


Managed Services:  We realize our clients don't have the time to worry about the most important tools their people use: technology. We take care of our clients' networks and service their systems.


Our Values

We are Empowering


At EXOS we empower our clients by providing them with essential strategic IT guidance, reliable service, and the talent necessary to achieve their business goals.  We empower our team by living a culture of collaboration, trust, and learning, creating growth opportunities, and charting a clear career path for all our team members.


We are Connected

At EXOS we are connected to our clients and their purpose. We are not just a talent and technology partner; we are an extension of your business. We seek to understand where leadership is driving the company, and we connect across all aspects of the business necessary to make that goal a reality. We are connected to the communities we serve and invested in organizations that make them great places to live. As the EXOS team, we are connected through our common commitment to our cultural imperatives: the “Three Ps” – Be Positive, Be Productive and Be Progressive, in the sense that we are always challenging each other to learn and grow.


We are Trusted

For more than fifteen years EXOS has been a trusted partner in providing Talent, IT and Cybersecurity solutions for our clients. Whether it's servicing large-scale enterprise clients or start-up professional firms, our team is there to help solve pain points and provide strategic direction. The trust we have with one another as a team is earned. We live a culture of accountability with a goal of excellence. We are invested in one another's success, personally and professionally. We are a trust-first, learn-together, celebrate-collectively team.




Must Haves

  • 5+ years of experience in a SOC, incident response, MSSP, or security operations role, or 2+ years past a Tier 2 / Analyst II role in a comparable environment.
  • Demonstrated ability to independently lead complex investigations and confirmed incidents to resolution across endpoint, identity, email, and network telemetry — not just triage and escalate.
  • Advanced command of an EDR (SentinelOne, CrowdStrike, or Defender for Endpoint) and a SIEM (Blumira, Sentinel, Splunk, or QRadar) at the query, pivot, and detection-authoring level.
  • Practical host and network forensics and evidence-preservation experience, including timeline reconstruction across Windows event logs, Active Directory, Entra ID, firewall, VPN, DNS, and email security logs.
  • Hands-on proactive threat hunting experience: building and executing hypothesis-driven hunts and converting findings into detections.
  • Proficient scripting in PowerShell and/or Python for investigation, log parsing, and automation.
  • Working fluency with the MITRE ATT&CK framework for both investigation and detection-coverage mapping.
  • Strong command of the incident response lifecycle, escalation criteria, and chain-of-custody / evidence-handling practices.
  • Ability to lead under pressure in a multi-client environment, prioritize across simultaneous active incidents, and maintain quality and clear documentation throughout.
  • Excellent written communication, with the ability to produce client-ready incident summaries, post-incident reports, and analytical narratives, and to mentor junior analysts effectively.
  • Solid fundamentals in TCP/IP, DNS, HTTP/S, Windows and Linux internals, and identity and access management.
  • Relevant certifications such as CompTIA CySA+, GIAC GCIH/GCIA/GCFA, BTL2, or equivalent demonstrated experience.

Plus Haves

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline. Equivalent military training or certifications considered.
  • Advanced certifications such as GIAC GCIA, GCFA, GCFE, GNFA, GCTI, GREM, or BTL2; offensive-informed credentials (OSCP, CRTO) a strong plus given the role's detection and purple-team-support scope.
  • Prior MSSP experience in a multi-tenant model, including a multi-tenant PSA/ticketing platform (ConnectWise, Autotask, ServiceNow, or similar).
  • Detection engineering experience: Sigma rules, KQL, and SentinelOne / Blumira query syntax, plus comfort building detections from hunt findings.
  • Experience with SOAR or rules-based automation and operationalizing playbooks alongside an AI Automation Engineer.
  • DFIR tooling depth (Velociraptor or comparable) and experience supporting legal, insurance, and breach-notification workflows during major incidents.
  • Vulnerability management and offensive-output review experience (ConnectSecure, Tenable, Qualys; NodeZero or comparable pentest/attack-path findings).
  • Experience mentoring or formally developing junior analysts and building SOC training content.

About the Company
EXOS (formerly Sondhi Solutions)