Senior Cyber Defense Analyst

Remote - USA | Full-Time | Senior | Analyst


About the Role

We at Abnormal AI are looking for a hands-on Security Operations / Cyber Defense Analyst who thrives in a fast-paced, engineering-driven environment. You'll be responsible for monitoring, investigating, and responding to security alerts across the cloud, endpoint, identity, and application layers. You'll work closely with detection engineers, cloud security, and IT teams to protect our hybrid environment from threats in real time.

Key Responsibilities

  • Detection & Triage:
      • Monitor alerts from tools such as SIEM, EDR, IAM, CSPM, and CDR.
      • Perform initial triage, enrichment, and correlation across multiple data sources.
      • Identify false positives and fine-tune rules together with detection engineering.
  • Incident Response:
      • Lead containment, eradication, and recovery for endpoint, cloud, and identity incidents.
      • Document and communicate incidents through SOAR/Jira/ServiceNow workflows.
      • Perform root cause analysis and propose permanent preventive controls.
  • Threat Hunting & Analysis:
      • Proactively hunt using hypotheses mapped to MITRE ATT&CK.
      • Investigate anomalies across CloudTrail, Okta, GitHub, and other telemetry sources.
      • Collaborate with threat intelligence to identify emerging TTPs.
  • Automation & Process Improvement:
      • Build or enhance playbooks in SOAR (Torq or equivalent).
      • Create custom enrichment scripts and automations (Python, Bash, etc.).
      • Suggest new detection logic and operational improvements.
  • Reporting & Metrics:
      • Track and report operational metrics (MTTD, MTTR, incident categories).
      • Maintain documentation and lessons learned.

Required Skills & Qualifications

  • 5-7 years of hands-on SOC or Incident Response experience in a cloud-first or hybrid environment.
  • Strong understanding of attacker lifecycle, MITRE ATT&CK, and threat actor TTPs.
  • Experience with EDR (CrowdStrike preferred), SIEM (Splunk preferred), and SOAR (Torq, XSOAR, or Phantom).
  • Familiarity with AWS, Okta, and SaaS platforms.
  • Proficiency in writing queries and automations using Python, SPL, or equivalent.
  • Excellent analytical and investigative skills — capable of operating independently with minimal hand-holding.
  • Strong documentation and communication skills for technical and executive audiences.

Nice to Have

  • Experience with CSPM/CDR/VM tools.
  • Knowledge of Containers and Kubernetes security.
  • Relevant certifications like CEH, Security+, GCIH, GCIA, or AWS Security Specialty.

What Success Looks Like

  • You consistently deliver high-quality triage with minimal false positives.
  • You automate repetitive tasks instead of manually doing them twice.
  • You can take a vague alert and turn it into a well-documented case with actionable findings.
  • You make measurable improvements to detection coverage, response time, or tooling maturity.

At Abnormal AI, certain roles are eligible for a bonus, restricted stock units (RSUs), and benefits. Individual compensation packages are based on factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons.

Abnormal AI is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by law. For our EEO policy statement please click here. If you would like more information on your EEO rights under the law, please click here.

Job Summary

Company: Abnormal
Location: Remote - USA
Type: Full-Time
Level: Senior
Domain: Analyst

Senior Cyber Defense Analyst at Abnormal (Remote - USA) | WorkWay