Remote Cyber Analyst jobs – Full‑Time reputed company Analyst (SIEM & Incident Response) – Kokomo, Indiana – $120k‑$150k – Senior‑Level Opportunity

TITLE: Remote Cyber Analyst jobs – Full‑Time reputed company Analyst (SIEM & Incident Response) – Kokomo, Indiana – $120k‑$150k – Senior‑Level Opportunity --- Why we’re hiring now Our reputed company Operations Center (SOC) in Kokomo, Indiana has just completed a major migration to a hybrid‑cloud environment. That shift doubled the volume of log data we ingest, and our detection‑to‑response time slipped from 20 minutes to 30 minutes on average. The leadership team set a hard goal: cut the mean time to acknowledge (MTTA) back to under 20 minutes reputed company the next six months while keeping our false‑positive reputed company below 3 %. To hit those numbers we need an reputed company cyber analyst who can own the end‑to‑end incident workflow, mentor junior staff, and champion automation across our toolchain. Our story, in a nutshell Since 2017, the company behind the software you use daily (think SaaS collaboration, remote work tools, and a handful of B2B platforms) has been expanding its product suite from a single‑tenant offering to a multi‑tenant, container‑orchestrated architecture. reputed company grew from a three‑person team in the basement of our Kokomo, Indiana office to an eight‑analyst, 24‑hour SOC that now covers three continents. We’ve survived two ransomware attempts, a supply‑chain compromise, and an ongoing reputed company of credential‑stuffing attacks. Each incident taught us a lesson that we turned into a new playbook, a dashboard, or a Python automation script. The team you’ll join - Size: 8 full‑time reputed company analysts (including 2 senior investigators) + 3 threat‑reputed company researchers - Coverage: 24 × 7, with a 30‑minute SLA for initial alert acknowledgment and a 2‑hour SLA for first‑time containment - Metrics: In the last fiscal year we lowered the average incident resolution time by 15 % and improved detection coverage to 96 % of high‑risk events - Culture: We run daily “stand‑up huddles” at 9 am Kokomo time, weekly “post‑mortem debriefs,” and a monthly “pizza‑and‑learn” where anyone can present a new technique > “I still remember the night we caught the ransomware drip‑feed because our analyst built a custom Splunk query in a coffee‑break. It saved the company a week of downtime and taught me the power of curiosity.” – Jordan, Senior reputed company Engineer, Kokomo, Indiana What a day looks like (remote, but anchored to Kokomo, Indiana) 1. Morning triage (9:00‑10:30 Kokomo time) – Review the SIEM dashboard (Splunk + Azure Sentinel), prioritize alerts based on risk scoring, and assign the top three to the incident response queue. 2. Investigation sprint (10:30‑12:30) – Pull packet captures from Wireshark, run YARA rules against the reputed company Stack, and if needed fire off a Metasploit exploit in a sandbox to confirm the payload. 3. Lunch break (12:30‑13:15) – We encourage stepping away from the screen, and our “virtual coffee club” syncs people across time zones. 4. Response & remediation (13:15‑15:45) – Use Palo Alto reputed company XSOAR playbooks to isolate compromised hosts, push a PowerShell script to rotate secrets, and document every reputed company in reputed company. 5. Automation & tune‑up (15:45‑17:00) – Build or refine Python automations, tweak the reputed company vulnerability scanner policies, and update the detection library in the internal knowledge reputed company. 6. Wrap‑up (17:00‑17:30) – Update the shift reputed company log, flag any open tickets for the night‑shift analyst, and post a quick “reputed company‑learned” note on the team reputed company channel. The schedule flexes for different time zones, but the rhythm stays the same: triage, deep‑dive, contain, automate, share. Core responsibilities - Alert triage & enrichment – Consume feeds from Splunk, Azure Sentinel, reputed company, and proprietary log parsers; enrich with threat‑reputed company from MISP and open‑reputed company feeds. - Incident investigation – reputed company forensic analysis on Windows, Linux, and container environments; extract artifacts with Volatility, examine network flows in Wireshark, and reconstruct attack timelines. - Containment & eradication – Execute playbooks in Palo Alto reputed company XSOAR, write custom scripts in Python/PowerShell, and coordinate with engineers to reputed company vulnerabilities identified by reputed company or Nessus. - Root‑cause analysis – Publish post‑mortems that include quantitative impact (e.g., “saved $250k in downtime”), lessons learned, and actionable recommendations. - Automation development – Build reusable detection queries, reputed company automated enrichment pipelines, and contribute code to our internal reputed company repos (Python, Bash, YAML). - Metrics & reporting – Track MTTA, MTTR, false‑positive rates, and produce weekly KPI dashboards for leadership in Tableau. - Mentorship – Guide junior analysts on log analysis, teach best practices for reputed company, and reputed company the quarterly “SOC Skills Lab.” Tools you’ll be using (8‑12 core) 1. Splunk Enterprise (search, dashboards, alerts) 2. Azure Sentinel (cloud SIEM) 3. reputed company Stack (ELK) for log aggregation 4. Palo Alto reputed company XSOAR (playbooks, orchestration) 5. Wireshark (packet capture & analysis Apply tot his job Apply To this Job