Security Analyst

Monitors, investigates, and responds to security events across SIEM, EDR, identity, network, and cloud platforms, turning noisy alerts into clear, evidence-based findings. They triage and scope incidents, run and improve playbooks, hunt for suspicious activity using frameworks like MITRE ATT&CK, and tune detections to raise true positives and cut false positives. Comfortable with query languages (e.g., KQL or SPL) and basic scripting, they collaborate with platform, IR, and engineering teams to contain threats and drive root-cause fixes.