Cyber Defense Analyst- Remote
BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cybersecurity SaaS portfolio.
Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.
The Role
BeyondTrust is a global leader in privileged access management. Our products provide remote access and privileged control capabilities that are deployed across thousands of enterprise environments worldwide. That makes us a high-value target.
Nation-state actors, ransomware operators, and sophisticated threat groups actively target companies like oursânot just to compromise our corporate environment, but to reach the customers who trust our software to protect their most sensitive systems. A compromise of BeyondTrust is a compromise of the privileged access layer inside our customersâ networks. We take that responsibility seriously.
As a SOC Analyst on our Cyber Defense Operations team, you will serve as a front-line defender responsible for protecting both BeyondTrustâs enterprise infrastructure and the integrity of the products our customers depend on. You will monitor, investigate, and respond to security events in an environment where the stakes are real and the adversaries are capable. You will work alongside experienced threat hunters, incident responders, and detection engineers in a collaborative team that values sharp analytical thinking over checkbox compliance.
This team is building toward an AI-augmented operating model. You will be expected to use AI-driven tools in your daily work and to contribute to how we integrate these capabilities into our detection, triage, and response workflows. We are not looking for people who are waiting to be told what to doâwe are looking for people who want to build something.
What Youâll Do
Alert Triage & Monitoring
⢠Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.
⢠Investigate alerts to determine scope, severity, and whether escalation is warranted.
⢠Leverage AI-assisted triage and enrichment tools to accelerate analysis and reduce mean time to detect.
⢠Classify, document, and track alerts through the full lifecycle using ticketing and case management systems.
Incident Response & Investigation
⢠Participate in or lead incident response engagements from detection through remediation, including evidence collection, forensic analysis, root cause determination, and stakeholder communication.
⢠Conduct investigations across SIEM, EDR, CSPM, and cloud-native log sources including identity provider logs, cloud audit trails, and network flow dataâspanning both corporate and product infrastructure.
⢠Execute established IR runbooks across identity, endpoint, cloud, and email investigation workflows.
⢠Manage or assist with evidence handling, forensic artifact collection, and chain-of-custody procedures.
⢠Produce clear, decision-ready incident summaries and post-incident reports for both technical and leadership audiences.
Detection Engineering & Threat Intelligence
⢠Contribute to the design, implementation, and tuning of detection rules across SIEM and EDR platforms, with a focus on reducing false positives and closing coverage gaps.
⢠Translate threat intelligence (CVE advisories, CISA alerts, vendor bulletins, open-source feeds) into actionable detection content, with particular attention to threats targeting privileged access tooling and supply chain attack vectors.
⢠Help maintain and evolve detection coverage mapped to MITRE ATT&CK.
⢠Partner with threat hunting peers to validate detection logic through hypothesis-driven hunts.
AI Integration & Automation
⢠Use AI-driven tools for alert triage, enrichment, and investigation as a standard part of daily operations.
⢠Contribute to the evaluation, integration, and optimization of AI and automation capabilities across the teamâs workflows.
⢠Assist in designing prompts, agent workflows, or LLM-based pipelines that augment analyst capabilities and reduce manual effort.
⢠Partner with engineering teams to improve log ingestion, data quality, and tool integrations.
Operational Excellence
⢠Maintain daily operational notes and shift handoff documentation.
⢠Contribute to and refine IR runbooks, playbooks, and standard operating procedures.
⢠Participate in on-call rotation for after-hours incident escalation.
⢠Track and report on operational metrics (MTTD, MTTR, MTTC, false positive rate) and identify improvement opportunities.
⢠Participate in tabletop exercis
Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.
The Role
BeyondTrust is a global leader in privileged access management. Our products provide remote access and privileged control capabilities that are deployed across thousands of enterprise environments worldwide. That makes us a high-value target.
Nation-state actors, ransomware operators, and sophisticated threat groups actively target companies like oursânot just to compromise our corporate environment, but to reach the customers who trust our software to protect their most sensitive systems. A compromise of BeyondTrust is a compromise of the privileged access layer inside our customersâ networks. We take that responsibility seriously.
As a SOC Analyst on our Cyber Defense Operations team, you will serve as a front-line defender responsible for protecting both BeyondTrustâs enterprise infrastructure and the integrity of the products our customers depend on. You will monitor, investigate, and respond to security events in an environment where the stakes are real and the adversaries are capable. You will work alongside experienced threat hunters, incident responders, and detection engineers in a collaborative team that values sharp analytical thinking over checkbox compliance.
This team is building toward an AI-augmented operating model. You will be expected to use AI-driven tools in your daily work and to contribute to how we integrate these capabilities into our detection, triage, and response workflows. We are not looking for people who are waiting to be told what to doâwe are looking for people who want to build something.
What Youâll Do
Alert Triage & Monitoring
⢠Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.
⢠Investigate alerts to determine scope, severity, and whether escalation is warranted.
⢠Leverage AI-assisted triage and enrichment tools to accelerate analysis and reduce mean time to detect.
⢠Classify, document, and track alerts through the full lifecycle using ticketing and case management systems.
Incident Response & Investigation
⢠Participate in or lead incident response engagements from detection through remediation, including evidence collection, forensic analysis, root cause determination, and stakeholder communication.
⢠Conduct investigations across SIEM, EDR, CSPM, and cloud-native log sources including identity provider logs, cloud audit trails, and network flow dataâspanning both corporate and product infrastructure.
⢠Execute established IR runbooks across identity, endpoint, cloud, and email investigation workflows.
⢠Manage or assist with evidence handling, forensic artifact collection, and chain-of-custody procedures.
⢠Produce clear, decision-ready incident summaries and post-incident reports for both technical and leadership audiences.
Detection Engineering & Threat Intelligence
⢠Contribute to the design, implementation, and tuning of detection rules across SIEM and EDR platforms, with a focus on reducing false positives and closing coverage gaps.
⢠Translate threat intelligence (CVE advisories, CISA alerts, vendor bulletins, open-source feeds) into actionable detection content, with particular attention to threats targeting privileged access tooling and supply chain attack vectors.
⢠Help maintain and evolve detection coverage mapped to MITRE ATT&CK.
⢠Partner with threat hunting peers to validate detection logic through hypothesis-driven hunts.
AI Integration & Automation
⢠Use AI-driven tools for alert triage, enrichment, and investigation as a standard part of daily operations.
⢠Contribute to the evaluation, integration, and optimization of AI and automation capabilities across the teamâs workflows.
⢠Assist in designing prompts, agent workflows, or LLM-based pipelines that augment analyst capabilities and reduce manual effort.
⢠Partner with engineering teams to improve log ingestion, data quality, and tool integrations.
Operational Excellence
⢠Maintain daily operational notes and shift handoff documentation.
⢠Contribute to and refine IR runbooks, playbooks, and standard operating procedures.
⢠Participate in on-call rotation for after-hours incident escalation.
⢠Track and report on operational metrics (MTTD, MTTR, MTTC, false positive rate) and identify improvement opportunities.
⢠Participate in tabletop exercis