Mid Level Security Engineer - USA
Cogniify · Mountain View, California, United States · $120K–$135K/yr
Business Consulting and Services · 11-50 employees
About the role
Monitor and respond to cyber threats across cloud and on-premises environments using SIEM and AI-assisted tools. Perform incident response, digital forensics, and automate SOC tasks to improve detection and response metrics.
What they look for
Requirements
Requires 3-6 years of experience in cybersecurity with proficiency in SIEM platforms, EDR/XDR, and scripting languages. A bachelor's degree in a technical field and a strong understanding of the MITRE ATT&CK framework are required.
Benefits
Full description
Role Overview
We are looking for a driven Mid Cybersecurity Analyst to join our Cybersecurity Delivery team. In this role, you will protect our organisation's digital assets by monitoring, detecting, investigating, and responding to cyber threats across cloud, hybrid, and on-premises environments.
You will work alongside senior engineers and architects to develop your threat-analysis capabilities while contributing directly to security operations, incident response, and compliance activities. This is a hands-on role that bridges traditional security monitoring with modern AI-assisted threat detection, automation, and cloud-native tooling.
The ideal candidate is analytically minded, comfortable in ambiguous situations, and eager to grow their skills in an evolving threat landscape powered by machine learning and AI-driven security platforms.
Key Responsibilities
Security Monitoring & Threat Detection
- Monitor security events across SIEM platforms (Microsoft Sentinel, Splunk, Chronicle) and respond to AI-generated threat alerts and risk scores.
- Triage, investigate, and escalate security incidents using threat intelligence feeds, EDR telemetry, and anomaly-detection pipelines.
- Leverage AI-assisted detection tools (e.g., Microsoft Copilot for Security, Darktrace, Vectra AI) to accelerate threat identification and reduce alert fatigue.
- Conduct log analysis, correlation, and timeline reconstruction across endpoints, cloud workloads, network traffic, and identity systems.
Incident Response & Forensics
- Participate in full-cycle incident response: containment, eradication, recovery, and post-incident review.
- Perform digital forensics using tools such as Velociraptor, KAPE, Autopsy, and memory analysis frameworks.
- Document findings in structured incident reports and contribute to playbook and runbook improvements.
- Support automated response workflows using SOAR platforms (e.g., Microsoft Sentinel Playbooks, Splunk SOAR, Palo Alto XSOAR).
Vulnerability Management & Threat Intelligence
- Support vulnerability scanning and risk prioritisation using tools such as Tenable.io, Qualys, or Rapid7.
- Consume and operationalise threat intelligence from platforms such as MISP, Recorded Future, or OpenCTI to enrich detection rules and hunting queries.
- Track adversary tactics, techniques, and procedures (TTPs) using the MITRE ATT&CK framework.
Cloud & Identity Security
- Monitor cloud security posture across AWS, Azure, or GCP environments using CSPM tools (Prisma Cloud, Defender for Cloud, Wiz).
- Investigate identity-related threats including credential compromise, MFA bypass, and lateral movement using Entra ID Protection, Okta ThreatInsight, and identity threat detection tools.
- Support Zero Trust initiatives by reviewing access policies, enforcing least-privilege controls, and reviewing Conditional Access configurations.
Automation & AI Tooling
- Write Python and PowerShell scripts to automate repetitive SOC tasks, enrich incident data, and streamline reporting workflows.
- Use AI-powered tools (ChatGPT/Copilot, AI-assisted SIEM queries, LLM-assisted malware analysis) to accelerate analysis and documentation.
- Contribute to detection-as-code pipelines using Sigma rules, KQL (Kusto Query Language), or SPL (Splunk Processing Language).
Documentation & Collaboration
- Maintain accurate and timely incident tickets, evidence records, and case notes within ITSM platforms (ServiceNow, Jira).
- Collaborate with cross-functional teams including IT, DevSecOps, compliance, and cloud engineering.
- Participate in tabletop exercises, red/blue team engagements, and threat-hunting sessions.
Required Qualifications
- 3–6 years of experience in a cybersecurity analyst, SOC analyst, or information security role.
- Hands-on experience with at least one enterprise SIEM platform: Microsoft Sentinel, Splunk, or Google Chronicle.
- Solid understanding of the MITRE ATT&CK framework and its application to threat detection and hunting.
- Experience with EDR/XDR platforms such as CrowdStrike Falcon, Microsoft Defender XDR, SentinelOne, or Cortex XDR.
- Working knowledge of cloud security fundamentals across AWS, Azure, or GCP.
- Proficiency in at least one scripting/query language: Python, PowerShell, KQL, or SPL.
- Familiarity with SOAR concepts and automated playbook execution.
- Understanding of network protocols, packet analysis (Wireshark/tcpdump), and perimeter security technologies.
- Knowledge of identity and access management including Active Directory, Entra ID, and SSO/MFA technologies.
- Strong analytical, written, and verbal communication skills.
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or equivalent practical experience.
Preferred Skills
- Experience with AI-augmented security tools: Microsoft Copilot for Security, Darktrace, Vectra AI, or similar.
- Exposure to CSPM and cloud-native security tooling (Prisma Cloud, Wiz, Orca Security, Defender for Cloud).
- Familiarity with detection engineering and detection-as-code practices using Sigma, YARA, or KQL.
- Experience with container and Kubernetes security monitoring (Falco, Aqua Security, Sysdig).
- Knowledge of compliance frameworks: ISO 27001, NIST CSF, SOC 2, PCI-DSS, or GDPR.
Preferred Certifications
- CompTIA Security+ or CySA+
- Microsoft Security Operations Analyst (SC-200)
- Certified SOC Analyst (CSA) – EC-Council
- GIAC Security Essentials (GSEC) or GIAC Certified Incident Handler (GCIH)
- CrowdStrike Certified Falcon Responder (CCFR)
Who You Are
- An analytical problem-solver who enjoys investigating complex security events and building the full attack story.
- Curious and self-driven you keep up with the evolving threat landscape and embrace AI tools to work smarter.
- A clear communicator who can translate technical findings into actionable insights for both technical and business audiences.
- Detail-oriented with disciplined habits around documentation, evidence handling, and case management.
- A collaborative team player who thrives in cross-functional, fast-paced environments.
Success in This Role
- Achieve consistent first-response SLA targets for incident triage and escalation.
- Contribute to measurable improvements in detection coverage and MTTD/MTTR metrics.
- Develop and publish at least two detection rules or hunting queries per quarter.
- Actively contribute to playbook development and post-incident review processes.
- Expand skills through certifications, internal training, and cross-team collaboration.
Perks & Benefits
- Competitive compensation with annual performance bonuses.
- Comprehensive medical, dental, and vision coverage for employees.
- Generous leave policy including enhanced parental leave benefits.
- Sponsored professional certifications and continuous learning opportunities.
- Access to mentorship, leadership sponsorship, and structured career development.
- Exposure to enterprise-scale cybersecurity transformation initiatives.
- Collaborative team culture with direct leadership engagement.
- Team-building events, knowledge-sharing sessions, and professional networking opportunities.
- Flexible and growth-oriented work environment.
Compensation
$120,000 – $135,000
Disclaimer: Compensation ranges are indicative and may vary depending on experience, skills, certifications, and business requirements.
Equal Opportunity Statement
We are an equal opportunity employer committed to fostering an inclusive and diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic under applicable law.