Cyber Threat Analyst(Intermediate)

Estimated Starting Salary Range for ​Cyber Threat Analyst (Intermediate)​: $107K-$115K 

Pay commensurate with experience. 

Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided.  Benefits are subject to change with or without notice. 

​​Cyber Threat Analyst (Intermediate)​ Responsibilities Include:   

Incident Detection & Response 

• Monitor, analyze, and triage security alerts from multiple sources including SIEM, EDR/XDR, and network monitoring tools 

• Perform in-depth investigations of security incidents, including malware, phishing, lateral movement, and data exfiltration 

• Lead incident response activities and recommend containment, eradication, and recovery actions 

• Create incident reports documenting incident timelines, root cause analysis, and remediation recommendations 

Endpoint & Network Security Analysis  

• Analyze endpoint telemetry to identify suspicious behavior, persistence mechanisms, and exploitation techniques 

• Investigate network traffic (e.g., DNS, HTTP(S), NetFlow, PCAP) for indicators of compromise (IOCs) and attacker activity 

• Correlate endpoint and network data to identify threats and attack patterns 

Cloud Security (AWS & Azure) 

• Monitor and investigate security events in AWS and Azure environments 

• Analyze CloudTrail, VPC flow, Azure Activity, and Azure AD/Entra ID logs to identify suspicious cloud activity 

• Support cloud incident response and recommend security improvements 

EDR and SIEM Detection & Analysis 

• Utilize Splunk for log analysis, correlation searches, and dashboard creation 

• Leverage Microsoft Defender XDR and Trellix Endpoint Security (HX) for threat hunting, alert triage, and response actions 

• Develop and tune detection rules to improve alert fidelity and reduce false positives 

• Create and maintain runbooks and standard operating procedures (SOPs) 

Threat Hunting & Intelligence 

• Conduct proactive threat hunting across endpoint, network, and cloud environments 

• Integrate and apply threat intelligence to enhance detection and response capabilities 

• Identify gaps in visibility and recommend improvements 

Collaboration & Mentorship 

• Act as escalation point for Tier 1 analysts 

• Provide guidance and training to junior analysts 

• Collaborate with to facilitate incident response and improve security posture 

​​Cyber Threat Analyst (Intermediate)​ Experience, Education, Skills, Abilities requested:   

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field is preferred. 

• Minimum 3-5 years of experience in security analysis, with a strong understanding of network protocols, traffic analysis, endpoint forensics and artifacts. 

• Strong experience with Splunk (SPL, dashboards, correlation rules) 

• correlation) 

• Experience analyzing: 

• Endpoint telemetry (EDR tools, host-based investigations) 

• Network traffic (packet analysis, NetFlow, IDS/IPS alerts) 

• Cloud logs (AWS and Azure) 

• Familiarity with AWS (e.g., CloudTrail, GuardDuty, VPC logs) 

• Familiarity with Microsoft Azure (e.g., Azure AD/Entra ID, Defender for Cloud) 

• Experience with Microsoft Defender XDR (endpoint, identity, email, and cloud) 

• Solid understanding of: 

• MITRE ATT&CK framework 

• Common attack Tactics, Techniques, and Procedures (TTPs) 

• Relevant certifications: 

• GIAC Certified Incident Handler (GCIH) 

• GIAC Certified Forensic Analyst (GCFA) 

• GIAC Certified Forensic Analyst (GCFE) 

• CompTIA CySA+ 

• Microsoft Certified: Security Operations Analyst Associate (SC-200) 

• Splunk Core Certified Power User 

• Splunk Certified Cybersecurity Defense Analyst 

• Preferred Skills: 

• Experience with SIEM tools and network monitoring systems. 

• Strong analytical and problem-solving skills with the ability to respond to complex security incidents. 

• Scripting or automation skills (Python, PowerShell, Bash) 

• Experience with SOAR platforms and automated response workflows 

• Knowledge of digital forensics and malware analysis (basic to intermediate) 

• Excellent communication skills, with the ability to clearly explain security issues and recommendations to technical and non-technical stakeholders. 

• Must pass pre-employment qualifications of Cherokee Federal 

Company Information: 

​​Cherokee Nation System Solutions (CNSS)​ is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about ​CNSS​, visit cherokee-federal.com. 

​​#CherokeeFederal #LI-SM2 #AppC​ 

Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply. 

 Keywords 

1. Security Analyst 

1. Network Security 

1. Threat Detection 

1. SIEM Tools 

1. Incident Response 

2. Similar Job Titles 

1. Cybersecurity Analyst 

1. Network Security Analyst 

1. Information Security Specialist 

1. Threat Detection Specialist 

1. Incident Response Analyst 

Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request. 

Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.