Level 2 Cyber Security Analyst

Lyra Technology Group is looking for L2 Cyber Security Analyst for one of their operating companies, VirtualArmour.  The primary role of our L2 Cyber Security Analyst is to work with customers for our Managed Security Services (MSS) department.  The Cyber Security Analyst’s role will help protect our customer networks against cybersecurity threats such as hackers, cyber-terrorists and malware that can steal or corrupt sensitive customer data. This role will be monitoring and analyzing customer networks, servers, databases, and end-point equipment for key indicators of compromise. Once a possible threat is detected, the analyst must investigate, respond to, and report to our customers with any recommended remediation.  Cyber Analysts should have the experience and knowledge desired below and will also be enrolled in the VirtualArmour Academy, where students will be trained in other aspects of the role.

VirtualArmour, founded in 2001, has 20+ years of serving as a trusted advisor, fulfilling the needs of businesses, enterprises, and organizations globally. From hardware configuration and deployment to ongoing managed security services, VirtualArmour’s experience spans 12 industries with deep expertise in Financial Services, Healthcare, Transportation / Logistics, and Manufacturing.

• Monitor and triage security alerts from EDR/XDR, SIEM, and related security tooling; prioritize incidents based on risk and business impact.
• Investigate endpoint threats (malware, ransomware, credential theft, persistence, lateral movement) using Microsoft Defender for Endpoint (MDE), CrowdStrike EDR, SentinelOne EDR, and Stellar Cyber XDR.
• Perform incident response activities: evidence collection, scoping, containment, eradication, recovery, and post-incident reporting.
• Conduct endpoint and host-based analysis (process trees, command-line execution, registry changes, scheduled tasks, persistence mechanisms, network connections).
• Correlate telemetry across endpoint, identity, network, and cloud sources to confirm malicious activity and reduce false positives.
• Execute response actions (e.g., isolate host, kill/quarantine process, block indicators, remove persistence, enforce policy changes) in accordance with playbooks and approvals.
• Develop and maintain detection and response playbooks/runbooks for common attack scenarios (phishing, suspicious PowerShell, credential dumping, suspicious service creation, etc.).
• Create and tune alerting rules, exclusions, and detections to improve signal quality and reduce noise while maintaining security coverage.
• Document investigations thoroughly: timelines, IOCs, impacted assets/users, actions taken, and recommendations for prevention.
• Support threat hunting activities using EDR/XDR telemetry and threat intelligence to identify suspicious patterns and proactively reduce risk.
• Participate in on-call rotation and shift-based SOC coverage as required.
• Research security enhancements and make recommendations for management.
• Stay up to date on information technology trends and security standards.
• Train, mentor, and guide teammates through direct comms and by hosting knowledge transfer calls.

• 2–4 years of experience in a SOC, incident response, cyber analyst or security operations role.
• 2–4 years of hands-on experience working with at least one (1) of the following:
  • Microsoft Defender for Endpoint (MDE)
  • CrowdStrike EDR
  • SentinelOne EDR
  • Stellar Cyber XDR
• Strong knowledge of attacker tactics and techniques aligned to MITRE ATT&CK, NIST, Lockhead Martin (e.g., persistence, privilege escalation, lateral movement, exfiltration).
• Solid understanding of Windows security fundamentals (event logs, authentication, common persistence locations) and basic Linux/macOS concepts.
• Familiarity with common security log sources and workflows (SIEM concepts, ticketing/case management, escalation processes).
• Ability to write clear incident documentation and communicate findings to both technical and non-technical stakeholders.
• Experience handling sensitive information and following documented procedures and change controls.
• Strong knowledge of the Windows and Linux operating systems.
• Ability to establish and maintain a strong level of customer trust and confidence.

• Experience with Microsoft security ecosystem (e.g., Defender for Identity, Defender for Cloud, Entra ID/Azure AD sign-in logs).
• Basic scripting/automation skills (PowerShell, Python, or Bash) for investigation and enrichment tasks.
• Familiarity with network security concepts, protocols (TCP/UDP, DNS, HTTP/S, TLS, proxies, VPNs), and packet/log analysis.
• Threat hunting experience and building detections based on behavioral analytics.
• Experience with vulnerability management and remediation tracking.
• MSSP experience.
• A bachelor’s/master's degree in cyber security or related field, or equivalent level of experience within IT.
• Security certifications (nice-to-have): Security+, CySA+, GCIH, GCIA, SC-200, or equivalent.

The target salary for this role is $100,000 per year and will operate in a fully remote model.  If you are a quick learner with strong problem-solving skills and are able to work in a pressurized environment with conflicting priorities, we want to hear from you!