Security Analyst

Serving in the role of Security Analyst, you will join Vectra's MXDR team and use your knowledge of cyber threats, attacker behavior, and investigation techniques to analyze and interpret real-world attacks affecting our customers. You will investigate suspicious activity, correlate indicators across multiple data sources, identify attacker tactics and lateral movement, and communicate findings in a clear and actionable manner to customers. 

As part of the Vectra MXDR team, you will monitor, triage, investigate, and respond to security events across customer environments using the Vectra platform, integrated EDR technologies, and supporting security tools. This is a customer-facing operational security role requiring strong analytical thinking, effective communication, and a solid understanding of modern attack techniques and enterprise environments. 

You will help customers distinguish benign from malicious activity, prioritize threats based on risk and impact, and provide guidance during active investigations and incident response situations. Leveraging Vectra’s AI-driven detections and telemetry, you will contribute to protecting customer environments against advanced threats while continuously improving operational detection and response capabilities. 

This is a highly technical role requiring strong knowledge of networking, operating systems, and security operations principles. Successful candidates will be comfortable analyzing alerts, validating threats, investigating attacker activity, and working across complex customer environments. 

When not actively engaged in customer investigations, analysts are expected to contribute to operational improvement initiatives, detection tuning, threat research, playbook development, and knowledge sharing activities that strengthen both the team and customer outcomes. 

Your role at a glance 

• Monitor, triage, and investigate security alerts and suspicious activity across customer environments  

• Analyze attacker behavior, lateral movement, privilege escalation, and indicators of compromise using Vectra and integrated security tools  

• Provide customers with timely, clear, and actionable recommendations during security investigations and active incidents  

• Escalate confirmed threats and coordinate with customer security teams during incident response activities  

• Assist customers in understanding detections, threat prioritization, and remediation guidance  

• Leverage EDR, network telemetry, and security tooling to validate and investigate potential threats  

• Contribute to detection tuning, operational process improvement, and threat-hunting activities  

• Document investigations, findings, recommendations, and lessons learned in a clear and professional manner  

• Collaborate with internal teams to improve detection coverage, operational workflows, and customer experience  

• Act as a strong advocate for customer security outcomes and operational excellence  

• Pursue ongoing security research and stay current on emerging threats, attacker techniques, and industry trends  

• Travel expected 0–10%  

To be successful in your new role, you have 

• Experience working in a SOC, MDR, incident response, threat hunting, or security operations environment  

• Strong analytical and investigative skills with the ability to assess and prioritize security events  

• Experience communicating technical findings and security risks to both technical and non-technical audiences  

• Ability to work independently in fast-paced operational environments and adapt quickly to changing priorities  

• Excellent written communication, documentation, and organizational skills  

• Experience collaborating across cross-functional teams in customer-facing or operational roles 

The technical essentials 

• Good understanding of security technologies including EDR, SIEM, NDR, firewalls, and endpoint security platforms 

• Experience with EDR tools including Crowdstrike, Microsoft Defender for Endpoint (MDE) & SentinelOne 

• Good understanding of security product lines (firewalls, sandboxing, SIEM, forensics-type platforms) 

• Understanding of network protocols such as TCP/IP, DHCP, DNS, NAT, VPN, PKI, RADIUS, etc. 

• Good understanding of SQL query language. 

• Proficiency with packet capture tools, PCAPs, and their analysis 

• Familiarity with attacker tactics, techniques, and procedures (TTPs), including lateral movement and credential abuse 

Experience that impresses us as a plus 

• Experience with Active Directory, Entra ID, LDAP, VPNs, firewalls, and enterprise identity environments  

• Understanding of cloud security concepts in AWS and/or Azure environments  

• Experience with threat hunting methodologies and incident response processes  

• Scripting or automation skills (Python or PowerShell) are a plus  

• Relevant industry certifications such as GCIA, GCIH, GCFA, CySA+, Security+, or similar  

• Security Research or Red Team related skillset. 

• Experience working with LLMs, prompt design, and operational AI-assisted workflows