[Hiring] Cyber Defense Analyst @BeyondTrust
Software Development
Salary unspecified
Remote Location
Employment Type full-time
Posted 1mth ago

1mth ago - BeyondTrust is hiring a remote Cyber Defense Analyst. 💸 Salary: unspecified 📍Location: Australia

Role Description

BeyondTrust is a global leader in privileged access management. Our products provide remote access and privileged control capabilities that are deployed across thousands of enterprise environments worldwide. As a SOC Analyst on our Cyber Defense Operations team, you will serve as a front-line defender responsible for protecting both BeyondTrust’s enterprise infrastructure and the integrity of the products our customers depend on. You will monitor, investigate, and respond to security events in an environment where the stakes are real and the adversaries are capable.

This team is building toward an AI-augmented operating model. You will be expected to use AI-driven tools in your daily work and to contribute to how we integrate these capabilities into our detection, triage, and response workflows.

What You’ll Do

  • Alert Triage & Monitoring
    • Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.
    • Investigate alerts to determine scope, severity, and whether escalation is warranted.
    • Leverage AI-assisted triage and enrichment tools to accelerate analysis and reduce mean time to detect.
    • Classify, document, and track alerts through the full lifecycle using ticketing and case management systems.
  • Incident Response & Investigation
    • Participate in or lead incident response engagements from detection through remediation, including evidence collection, forensic analysis, root cause determination, and stakeholder communication.
    • Conduct investigations across SIEM, EDR, CSPM, and cloud-native log sources including identity provider logs, cloud audit trails, and network flow data.
    • Execute established IR runbooks across identity, endpoint, cloud, and email investigation workflows.
    • Manage or assist with evidence handling, forensic artifact collection, and chain-of-custody procedures.
    • Produce clear, decision-ready incident summaries and post-incident reports for both technical and leadership audiences.
  • Detection Engineering & Threat Intelligence
    • Contribute to the design, implementation, and tuning of detection rules across SIEM and EDR platforms.
    • Translate threat intelligence into actionable detection content.
    • Help maintain and evolve detection coverage mapped to MITRE ATT&CK.
    • Partner with threat hunting peers to validate detection logic through hypothesis-driven hunts.
  • AI Integration & Automation
    • Use AI-driven tools for alert triage, enrichment, and investigation as a standard part of daily operations.
    • Contribute to the evaluation, integration, and optimization of AI and automation capabilities across the team’s workflows.
    • Assist in designing prompts, agent workflows, or LLM-based pipelines that augment analyst capabilities and reduce manual effort.
    • Partner with engineering teams to improve log ingestion, data quality, and tool integrations.
  • Operational Excellence
    • Maintain daily operational notes and shift handoff documentation.
    • Contribute to and refine IR runbooks, playbooks, and standard operating procedures.
    • Participate in on-call rotation for after-hours incident escalation.
    • Track and report on operational metrics and identify improvement opportunities.
    • Participate in tabletop exercises, purple team activities, and post-incident reviews.

Qualifications

  • 2+ years of experience in a SOC, security operations, or incident response role.
  • Understanding of common attack frameworks (MITRE ATT&CK), network protocols, and endpoint behavior.
  • Experience with at least one SIEM platform and familiarity with writing search or detection queries.
  • Familiarity with EDR platforms and cloud environments (IaaS preferred).
  • Comfort using AI systems as part of security workflows.
  • Strong written communication skills; able to document findings clearly and concisely for both technical and non-technical audiences.

Nice To Have

  • Experience leading or co-leading complex incident response engagements from triage through remediation.
  • Experience with identity and access management platforms and cloud security posture management tools.
  • Scripting and automation skills (Python, PowerShell, or equivalent) applied to security workflows.
  • Familiarity with SOAR platforms or orchestration tools for automated response and enrichment.
  • Experience designing or implementing AI agent architectures or prompt engineering for security use cases.
  • Experience building or contributing to threat intelligence programs or detection-as-code pipelines.
  • Understanding of the privileged access management landscape and the threat actors that target it.
  • Track record of evaluating and adopting emerging technologies in a production security environment.

Benefits

  • Flexible work environment.
  • Opportunities for continual learning and growth.
  • Supportive team culture.

Company Description

BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats.

Before You Apply
Be aware of the location restriction for this remote position: Australia