Cyber Analyst (Threat Management & Cloud Security)

2 - 3 years

4 - 7 Lacs

Mumbai Suburban, Mumbai (All Areas)

Posted: Just now | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Role & responsibilities

  • Maintain endpoint security baselines (CIS/NIST), including hardening policies.
  • Continuously monitor endpoint alerts and logs for suspicious behaviour and coordinate response with SOC/IR teams.
  • Lead incident response for endpoint-related threats, including ransomware, malware, and privilege escalation attempts.
  • Ensure timely patching and vulnerability remediation across all endpoint platforms (Windows, macOS, Linux).
  • Implement and maintain security controls on Domain Controllers, including LSASS protection, Credential Guard, SMB signing, and LDAP signing/channel binding.
  • Regularly audit Active Directory configurations: GPOs, privileged groups (e.g., Domain Admins), stale accounts, SPNs, and Kerberos delegations.
  • Monitor for MITRE ATT&CK techniques like DCSync, Golden Ticket, Pass-the-Hash, and unauthorized Group Policy changes.
  • Enforce Tiered Administration model and PAWs (Privileged Access Workstations) for Domain Admin activities.
  • Perform regular security assessments of AD and DCs (e.g., BloodHound, PingCastle, Purple Knight).
  • Perform continuous attack surface management to identify, assess, and remediate vulnerabilities across cloud and on-prem environments.
  • Conduct cloud security assessments and provide recommendations aligned with best practices (AWS/Azure/GCP).
  • Participate in threat detection and incident response using EDR (Endpoint Detection & Response) and NDR (Network Detection & Response) tools.
  • Investigate and respond to security incidents, threats, and alerts in real time.
  • Collaborate with the red team to simulate attacks and evaluate the effectiveness of security defenses.
  • Work with security tools and platforms to monitor, analyze, and report on emerging threats.
  • Document and report on incidents, vulnerabilities, and risk assessments, ensuring alignment with compliance and governance standards.

Preferred candidate profile

  • 2 - 3 years of experience in cybersecurity, with a strong focus on cloud infrastructure, endpoint, and identity infrastructure.
  • Cloud Security: AWS, Azure, GCP (any or all)
  • Threat Detection & Response: EDR (e.g., CrowdStrike, SentinelOne), NDR (e.g., Darktrace, Vectra)
  • Attack Surface Management: tools such as Shodan, ASM platforms, and manual techniques
  • Incident Response: Tier 1/2 responder experience, IR playbook knowledge
  • Red Team Support: Basic understanding or participation in offensive security exercises
  • Familiarity with frameworks: MITRE ATT&CK, NIST, CIS Benchmarks
  • Deep understanding of MITRE ATT&CK, Lateral Movement, and Credential Access techniques.
  • Familiarity with tools such as Sysinternals Suite, BloodHound, PingCastle, and ADRecon.
  • Security Certifications: Cloud Certifications, CRTA, CEH, ISC2
