Cybersecurity Operations Specialist II

Lincoln Electric is the world leader in the engineering, design, and manufacturing of advanced arc welding solutions, automated joining, assembly and cutting systems, plasma and oxy-fuel cutting equipment, and has a leading global position in brazing and soldering alloys. Lincoln is recognized as the Welding Expert™ for its leading materials science, software development, automation engineering, and application expertise, which advance customers' fabrication capabilities to help them build a better world. Headquartered in Cleveland, Ohio, Lincoln Electric is a $4.2B publicly traded company (NASDAQ:LECO) with over 12,000 employees around the world, operations in 71 manufacturing and automation system integration locations across 21 countries, and a worldwide network of distributors and sales offices serving customers in over 160 countries.

Location: Remote - Brazil 
Employment Status: Salary Full-Time 
Function: Information Technology 
Req ID: 26131 

Overview and Responsibilities

We are seeking a seasoned and highly motivated cybersecurity professional to join our global team as a Specialist II in Cybersecurity Operations. This role plays a critical part in defending the organization against cyber threats through expert-led incident response, threat detection, and hands-on management of core security technologies.
The ideal candidate will bring deep expertise in investigating and responding to security incidents, a strong understanding of threat intelligence and adversary behaviors, and practical experience with enterprise security tools. This position requires the ability to think critically under pressure, communicate clearly across technical and non-technical teams, and drive continuous improvements in our detection and response capabilities.

•    Lead and execute end-to-end incident response activities, including containment, remediation, and post-incident analysis.
•    Monitor, acknowledge, investigate, and act on alerts escalated by an MSSP.
•    Document incident timelines, technical findings, and lessons learned for compliance and internal knowledge sharing.
•    Work closely with other departments, including Legal, HR, and IT, to communicate information and coordinate incident response activities.
•    Review and enhance log collection, telemetry coverage, and data sources across endpoints, networks, and cloud services.
•    Develop, maintain, and continuously improve incident response playbooks aligned with cybersecurity frameworks and best practices.
•    Support and participate in tabletop exercises and simulations to validate incident response readiness.
•    Contribute to red team/blue team initiatives to strengthen defensive capabilities.
•    Act as a mentor or escalation point for junior team members during security investigations.
•    Respond to incident escalations as part of an on-call team rotation.
•    Conduct threat analysis using internal telemetry and threat intelligence feeds.
•    Perform regular threat hunting exercises to identify indicators of compromise (IOCs) and anomalous behavior.
•    Clearly communicate proactive response strategies and monitoring approaches for emergent threats, guiding both technical and non-technical stakeholders toward timely, informed action.
•    Implement, configure, and manage security technologies such as Endpoint Detection and Response (EDR), intrusion prevention systems, and network security solutions.
•    Identify and implement cost-saving measures through automation and process improvements.
•    Manage vendor relationships related to cybersecurity products and services.
•    Collaborate with fellow security team members and the IT department to strengthen and enhance the organization's overall security posture.
•    Stay up to date with the latest cybersecurity trends, threats, and technologies.
•    Perform other cybersecurity-related duties and responsibilities as assigned, based on organizational priorities and evolving security needs.

Requirements

•    Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field preferred.
•    Minimum of 5 years of experience in cybersecurity operations, with a focus on incident response and threat hunting.
•    Strong understanding of threat detection technologies, techniques, and incident response methodologies.
•    Strong proficiency with EDR platforms, with a preference for experience with CrowdStrike and its detection, investigation, and response capabilities.
•    Hands-on experience managing network firewalls and network security appliances (e.g., Palo Alto, Cisco).
•    Broad technical background in IT, preferably with experience in network operations, SOC, or server administration.
•    Solid understanding of core IT infrastructure components, including Active Directory, DNS, DHCP, Group Policy, Windows Server roles, PowerShell scripting, and endpoint management tools such as Microsoft Endpoint Configuration Manager (SCCM) or Intune.
•    Familiarity with the MITRE ATT&CK framework, threat intelligence tools, and EDR platforms.
•    Proficiency in log analysis, detection modeling, and event correlation.
•    Understanding of Microsoft Azure services, including Sentinel, Monitor, and Log Analytics.
•    Experience working with SIEM systems and scripting languages such as KQL, Python, or PowerShell is a strong plus.
•    Familiarity with common cybersecurity frameworks (CIS, NIST) and data protection regulations (e.g., GDPR).
•    Excellent written and verbal communication skills in English.
•    Ability to work independently and collaboratively in a global team environment.
•    Relevant certifications such as CISSP, CISM, or GIAC strongly preferred.

Lincoln Electric is an Equal Opportunity Employer. We are committed to promoting equal employment opportunity for applicants, without regard to their race, color, national origin, religion, sex (including pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation), sexual orientation, gender identity, age, veteran status, disability, genetic information, and any other category protected by federal, state, or local law.