Provides expert level technical support for cyber threats and threat attack methodologies. Collects and analyzes system data to identify, contain, mitigate, and recover from cyber security threats or incidents. Conducts research and gathers information from global threat intelligence sources, pertaining to emerging cyber threats and threat attack methodologies. Leverages advanced forensic techniques to collect, preserve, and analyze digital evidence from compromised systems, networks, and endpoints. Utilizes EDR (Endpoint Detection and Response) systems, malware analysis, and file system examination to reconstruct attack timelines and identify indicators of compromise (IOCs). Develops and refines threat signatures and detection rules based on observed adversary tactics, techniques, and procedures (TTPs), contributing to proactive threat hunting and improved detection capabilities across the enterprise.

Core Responsibilities

• Leads and responds to escalated cyber security alerts, cyber incidents, or related security investigations. Identifies real-time complex attack patterns and suggests mitigation strategies.
• Leads the processes, tools and measures to monitor and detect compromises, risks, vulnerabilities, network security threats, tools and tactics used by modern and emerging threat actors. Facilitates security operations and incident response technologies and methodologies.
• Develops, manages, maintains and enhances security controls (alerts, rules, policies, and signatures) for the security platforms.
• Reviews the network environment for new and evolving cyber threats and providing preventive and remedial solutions. Identifies malicious activity by performing analysis on logs, traffic flows, and other investigative detective activities.
• Provides highly technical forensic reports focused on threats, vulnerabilities, and technologies to Vanguard executive staff.
• Leads with IT and business teams to ensure prompt and effective distribution of findings so incidents are effectively addressed. Provides department support to the business on enterprise wide security initiatives and projects.
• Mentors junior team members to improve their technical acumen
• Participates in special projects and performs other duties as assigned.

Qualifications

• Minimum of five years related work experience, with three years experience in incident response or host based forensics
• Undergraduate degree in a related field or the equivalent combination of training and experience.
• Relevant industry certifications such as GCFA, GCSA, CCSP, GREM, PMAT, PMRP, AWS Cloud Practitioner, Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer
• Proficiency with ES|QL, SQL.

• Leads and responds to escalated cyber security alerts, cyber incidents, or related security investigations. Identifies real-time complex attack patterns and suggests mitigation strategies.
• Leads the processes, tools and measures to monitor and detect compromises, risks, vulnerabilities, network security threats, tools and tactics used by modern and emerging threat actors. Facilitates security operations and incident response technologies and methodologies.
• Develops, manages, maintains and enhances security controls (alerts, rules, policies, and signatures) for the security platforms.
• Reviews the network environment for new and evolving cyber threats and providing preventive and remedial solutions. Identifies malicious activity by performing analysis on logs, traffic flows, and other investigative detective activities.
• Provides highly technical forensic reports focused on threats, vulnerabilities, and technologies to Vanguard executive staff.
• Leads with IT and business teams to ensure prompt and effective distribution of findings so incidents are effectively addressed. Provides department support to the business on enterprise wide security initiatives and projects.
• Mentors junior team members to improve their technical acumen
• Participates in special projects and performs other duties as assigned