[Remote] Security Analyst
Note: The job is a remote job and is open to candidates in USA.

Criterion Systems, a Cherokee Federal company, is seeking a motivated Security Analyst to support cybersecurity operations in a federal environment. The selected candidate will perform hands-on detection, analysis, investigation, threat hunting, and incident response activities while helping strengthen the organization's security posture.

Responsibilities
- Monitor and analyze security events utilizing Splunk Enterprise Security (ES)
- Build, maintain, and tune Splunk searches, correlation rules, alerts, and dashboards
- Conduct incident response activities from detection through containment, eradication, recovery, and closure
- Investigate endpoint security incidents utilizing Microsoft Defender for Endpoint
- Perform endpoint policy management and incident investigations
- Assess AWS cloud security telemetry utilizing GuardDuty, Security Hub, and related cloud security services
- Identify threats, vulnerabilities, suspicious activity, and cloud misconfigurations
- Execute alert triage, incident scoping, and escalation activities according to established playbooks
- Recommend updates and improvements to operational procedures and incident response playbooks
- Support threat hunting activities and detection engineering initiatives aligned to MITRE ATT&CK methodologies
- Perform phishing investigations, alert enrichment, and forensic review activities
- Conduct root cause analysis and document corrective actions following security incidents
- Track incidents and operational tasks utilizing case management systems
- Participate in tabletop exercises and operational readiness activities
- Collaborate with Security Operations teams, Incident Response personnel, and federal stakeholders
- Prepare reports and communicate findings to technical and non-technical audiences
- Perform other job-related duties as assigned

Skills
- This position requires an active Public Trust clearance or the ability to obtain and maintain one
- Three (3) to five (5) years of experience in cybersecurity operations, SOC analysis, incident response, or related security disciplines
- Demonstrated hands-on experience with Splunk Enterprise Security, including search development, dashboard creation, and correlation rule tuning
- Experience utilizing Microsoft Defender for Endpoint for security investigations and policy management
- Working knowledge of AWS cloud security technologies, including GuardDuty, Security Hub, or equivalent tools
- Proven experience managing incidents through the complete incident response lifecycle
- Working knowledge of MITRE ATT&CK framework and common threat actor tactics, techniques, and procedures
- Familiarity with incident response methodologies and frameworks such as NIST 800-61
- Strong analytical, investigative, and problem-solving capabilities
- Excellent written and verbal communication skills
- Experience supporting federal government customers or highly regulated environments
- Ability to work independently while collaborating effectively with cross-functional teams
- Experience with Security Orchestration, Automation, and Response (SOAR) platforms
- Experience developing automation scripts utilizing Python, PowerShell, or similar technologies
- Familiarity with FISMA, FedRAMP, CMMC, or other federal cybersecurity compliance frameworks
- Experience with Network Detection and Response (NDR) technologies
- Exposure to packet capture analysis and network forensics platforms
- Knowledge of malware analysis methodologies and digital forensics fundamentals
- Industry certifications such as Security+, CySA+, GCIH, GCIA, CEH, or equivalent

Benefits
- Medical
- Dental
- Vision
- 401(k)
- Paid Time Off
- Life Insurance
- Disability Coverage

Company Overview
Cherokee Federal, a division of Cherokee Nation Businesses, is a trusted team of government contracting professionals who can rapidly build innovative solutions. It was founded in 1969 and is headquartered in Tulsa, Oklahoma, USA, with a workforce of 5001-10000 employees. Its website is https://cherokee-federal.com.