Investigate and respond to escalated security incidents, perform threat hunting and root cause analysis, tune detection rules in SIEM, mentor Level 1 analysts, collaborate on incident response, and improve detection and response playbooks across the enterprise.
We are seeking a skilled and proactive Level 2 Cybersecurity Analyst to join our Cyber Defense Operations team. This role is responsible for investigating and responding to security incidents, performing advanced threat analysis, and supporting the continuous improvement of detection and response capabilities. You’ll work closely with junior analysts, threat intelligence, and incident response teams to ensure timely detection and mitigation of security threats across Citizens Bank’s enterprise environment.
Key Responsibilities
- Investigate escalated security alerts and incidents from Level 1 analysts.
- Perform root cause analysis and impact assessments of security events.
- Conduct threat hunting and anomaly detection across enterprise systems.
- Collaborate with incident response teams to contain and remediate threats.
- Correlate threat intelligence with internal telemetry to identify emerging threats and attack patterns.
- Assist in the creation of use cases and offer recommendations for tuning detection rules in SIEM and other monitoring tools.
- Recommend improvements to incident response playbooks and runbooks.
- Provide mentorship and guidance to Level 1 analysts.
- Participate in post-incident reviews and contribute to lessons learned.
- Represent Cyber Defense in cross-functional security and risk initiatives.
Required Knowledge Areas
- Deep understanding of network and endpoint security concepts.
- Knowledge of threat actor tactics, techniques, and procedures (TTPs).
- Familiarity with the MITRE ATT&CK framework and threat intelligence platforms.
- Knowledge of regulatory and compliance frameworks (e.g., NIST, ISO, PCI-DSS).
Required Skills
- Proficient in log analysis, packet capture review, and malware analysis.
- Strong analytical and problem-solving skills.
- Experience with scripting or automation (Python, PowerShell, Bash).
- Effective oral and written communication skills for both technical and non-technical audiences.
- Ability to work independently and collaboratively in a high-pressure environment.
Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent experience.
- 2–5 years of experience in cybersecurity operations or incident response.
- Security certifications such as CySA+, GCIH, GCIA, CEH, or equivalent preferred.
- Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR tools (e.g., CrowdStrike, Microsoft Defender).
- Willingness to participate in a rotating on-call schedule or extended hours during critical incidents.
Preferred Experience
- Hands-on experience with:
  - SIEM Tools: Splunk, ArcSight, Sentinel, QRadar
  - EDR/XDR: CrowdStrike, Microsoft Defender, SentinelOne
  - Network Security: Palo Alto, Cisco, Check Point, FirePower
  - Data Protection: Symantec DLP, Triton, Guardium
  - Threat Intelligence & SOAR Platforms
  - Cloud Security Monitoring: AWS, Azure, or GCP environments
Hours and Work Schedule
- Hours per Week: 7am - 5pm
- Work Schedule: Monday - Thursday
Top Skills
Python, PowerShell, Bash, Splunk, Sentinel, QRadar, ArcSight, CrowdStrike, Microsoft Defender, SentinelOne, Palo Alto, Cisco, Check Point, FirePower, Symantec DLP, Triton, Guardium, MITRE ATT&CK, SIEM, EDR, XDR, SOAR, AWS, Azure, GCP


