Job Description:
We are seeking a sharp, detail-oriented Virtual Analyst (L2) to join our dedicated Threat Management Team. This role is designed for a technical “hunter-validator” who excels at navigating complex security telemetry to separate signal from noise. As an L2 Virtual Analyst, you will be embedded within the client’s environment, serving as the frontline expert for EDR and Email Security tools, providing remediation as well as BAU operations management for the tickets logged against these tools. Tickets can be Security Incidents or Operational BAU.
Responsibilities:
- Threat Investigation and Remediation
Active monitoring of CrowdStrike Falcon and Email-Gateway related security incidents for additional context and Threat Remediation / Management.
Apply advanced investigations and support the IR Bridge.
- Incident Analysis & Evidence Collection
Endpoint Analysis: Deconstruct CrowdStrike events by analyzing process trees, file paths, cryptographic hashes, and network connections to build a comprehensive incident narrative.
Email Forensics: Review gateway logs and quarantined messages to identify malicious senders, weaponized URLs, and malicious attachments.
Non-Intrusive Approach: Conduct thorough investigations and risk summaries without taking direct containment or remediation actions.
- Alert Enrichment & Escalation
Enrich every validated alert with critical context, including user identity, device posture, IP/domain reputation, and mapping to the MITRE ATT&CK® framework.
Compile “action-ready” escalation packages for L3/Client teams, including relevant screenshots, log snippets, and a clear executive summary of the threat.
- Playbook Adherence & Reporting
Strictly adhere to client-specific runbooks for monitoring and triage to ensure compliance with operational boundaries.
Maintain accurate incident records and timelines.
Metrics & Trends: Identify and highlight recurring threat patterns or policy gaps to assist the client in long-term security posture improvement.
About SHQ:
SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: Promote clarity and trust in a complex world. Build momentum around improving security posture. And increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today, while mitigating the risks of tomorrow. And into the future. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days per year, our customers are never alone. SecurityHQ – We’re focused on engineering cybersecurity, by design.