Monitor security tooling and dashboards; perform first-level triage of alerts generated by the SIEM, EDR, and email security platforms; apply established runbooks to analyze and disposition alerts and escalate to senior analysts when events exceed defined scope or complexity.
Investigate end-user-reported phishing emails; analyze headers, URLs, and attachments using sandboxing and threat intelligence tools; document findings, execute containment actions within defined authority, and escalate confirmed threats per incident response procedures.
Participate in security incident response activities as an active contributor; execute assigned containment and remediation tasks; produce accurate post-incident documentation including timelines, actions taken, and lessons learned.
Execute vulnerability management operational tasks including review and triage of scan results from Rapid7 InsightVM, severity-based prioritization of findings, and coordination of remediation tracking with IT asset owners.
Support Identity and Access Management (IAM) operations, including execution of access reviews, identity lifecycle tasks (joiner/mover/leaver workflows), and identity governance activities in coordination with the IAM team.
Monitor threat intelligence feeds and security advisories; summarize relevant emerging threats and indicators of compromise for team review and escalate high-priority advisories as appropriate.
Maintain and improve security documentation, standard operating procedures, and knowledge base articles; ensure operational runbooks remain accurate and current.
Collaborate with team members on security alert analysis and operational process improvement; contribute observations and recommendations to team discussions.
Additional duties as assigned.
Position Requirements
Knowledge, Skills, and Abilities
Working knowledge of core security concepts including network security fundamentals, common attack techniques and threat actor tactics (MITRE ATT&CK framework familiarity preferred), the CIA triad, and security monitoring principles.
Ability to independently execute structured security operational procedures; recognize when events exceed defined scope and escalate appropriately.
Strong analytical and investigative skills; ability to synthesize information from multiple sources and reach sound, documented conclusions.
Effective written and verbal communication skills; ability to produce clear, concise incident documentation, ticket notes, and operational reports.
Strong attention to detail; ability to manage multiple concurrent tasks and prioritize effectively in a dynamic environment.
Demonstrated ability to handle sensitive and confidential information with appropriate discretion.
Requirements
1-3 years of professional experience in a cybersecurity, information security, or IT operations role, or an equivalent combination of education and demonstrated hands-on experience.
Prior experience performing security alert triage, phishing investigation, vulnerability management, or incident response activities in an enterprise environment is strongly preferred.
Experience working with enterprise security tooling in a professional or lab environment is required; experience in a managed security services or SOC environment is a plus.
Education
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience, which will be considered in lieu of a degree.
Licensing and/or Certification
No certifications are required for this role. The following credentials are preferred and will strengthen a candidate's application:
CompTIA Security+ (preferred)
CompTIA Network+
ISC² Certified in Cybersecurity (CC) or SSCP
Microsoft Security Operations Analyst (SC-200)
Microsoft Security, Compliance, and Identity Fundamentals (SC-900)
Other recognized security operations or analyst-track certifications