IT Security Analyst II
About the role
The IT Security Analyst II serves as a core contributor within TD Williamson's Global Cybersecurity team, responsible for security monitoring, alert triage, incident response, and detection engineering across TDW's global enterprise and industrial environment. TDW is a manufacturer and pipeline service provider whose products and field services are deployed directly into customers' critical infrastructure operations. This role operates within a modern security operations function with exposure to OT/ICS-adjacent environments inherent to TDW's manufacturing and pipeline services business.
Responsibilities
Primary duties may include, but are not limited to:
Security Monitoring & Alert Triage
- Perform daily triage of security alerts generated by TDW cybersecurity solutions.
- Investigate and disposition alerts with documented verdicts (true positive, false positive, benign true positive), rationale, and supporting evidence.
- Manage alert queues and cybersecurity request tasks in TDW's ticketing system, prioritize based on risk and context, and escalate confirmed or probable incidents per established runbooks.
- Operate across overlapping telemetry sources and apply source-awareness when correlating events.
Incident Response
- Participate in and lead (at tier) incident response activities following the cycle: Containment → Evidence Preservation → Root Cause Analysis → Remediation → Post-Incident Review.
- Conduct host-based, log-based, and identity-based investigation across available security tooling and data sources.
- Document incident findings clearly, distinguishing confirmed findings from hypotheses, and produce post-incident summaries suitable for technical and non-technical audiences.
- Support escalation to senior analysts, legal counsel, or external parties when incidents may constitute reportable breaches under applicable law (GDPR, PIPEDA, DPDP Act, etc.).
Identity & Cloud Security Support
- Support investigation and response for identity-based threats including credential abuse, MFA bypass attempts, suspicious sign-in activity, and Conditional Access policy violations.
- Work with identity and access management telemetry to identify anomalous authentication patterns and support policy enforcement decisions.
- Ensure alignment with Zero Trust principles and applicable compliance requirements.
Threat Intelligence & Vulnerability Management
- Leverage threat intelligence platforms and open-source resources to enrich investigations, contextualize IOCs, and identify emerging threats relevant to TDW's industrial sector and technology footprint.
- Support vulnerability management workflows; assist in prioritization of remediation based on exploitability, asset criticality, and threat context.
- Defang and safely communicate IOCs (IPs, domains, hashes) per operational security standards.
Documentation, Policy & Security Awareness
- Develop and maintain SOC runbooks, triage playbooks, and exception documentation to operational standards.
- Contribute to the development and review of information security procedures, ensuring alignment with NIST CSF 2.0, ISO/IEC 27001:2022, and MITRE ATT&CK.
- Provide consultation to IT engineering and business stakeholders on security best practices relevant to their operational context.
- Support security awareness initiatives and participate in knowledge transfer with peers.
Requirements
Required
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field, plus 2-5 years of hands-on experience in a security operations, detection engineering, or incident response role; or an equivalent combination of education and directly applicable experience.
- Demonstrated experience working within a SIEM platform (Elastic, Splunk, Microsoft Sentinel, or comparable) including alert triage, query development, and rule management.
- Practical experience with endpoint detection and response (EDR) platforms and log-based investigation.
- Experience with ServiceNow or a comparable enterprise ticketing platform for incident tracking, request management, and documentation of security events.
- Familiarity with firewall technologies and proficiency in analyzing network and firewall logs to support triage and documentation of security findings.
Preferred
- Experience with Elastic Security (SIEM Serverless or self-managed), including KQL/EQL query authoring and Elastic ingest pipeline configuration.
- Experience with Microsoft cybersecurity tooling including endpoint protection, identity, and device management platforms.
- Familiarity with cloud environments (Microsoft Azure preferred) and cloud-native security telemetry.
- Familiarity with Cisco Meraki and Palo Alt
Additional Information
At TDW we put people first - that means working every day to ensure the pipelines that run through our communities are operating safely and reliably. What sets us apart is our expertise, experience and commitment. Each day we dedicate ourselves to treating each other, our customers and our community with care and respect.