Overview
BigBear.ai is seeking aCybersecurity Operations Analyst to join our team. In this role, you will serve as the primary escalation point for security alerts, incidents, and threat investigations. You will analyze, contain, and remediate security events, working closely with IT and business teams to protect our systems, data, and users.As part of a small team, you will have the opportunity to own multiple aspects of security operations, including monitoring security systems, responding to events, refining detection processes, and driving continuous improvements to our defensive capabilities. This is a chance to make a real impact and mature our security operations program.
What you will do
- Threat Detection & Investigation
- Monitor and triage alerts from SIEM, EDR, email security, and other monitoring tools.
- Investigate escalated alerts from MSSP or automated detections.
- Perform threat hunting based on IOCs, suspicious activity, and threat intelligence.
- Incident Response
- Lead response for medium-to-high severity incidents.
- Conduct root cause analysis and document findings in post-incident reports.
- Coordinate with internal teams to contain and eradicate threats.
- Security Tool Management
- Tune and maintain SIEM, EDR, and other security platforms to improve detection fidelity.
- Develop custom detection rules, dashboards, and reports.
- Vulnerability & Risk Management
- Lead the lifecycle of vulnerability management, from scanning and analysis to remediation tracking.
- Validate and prioritize vulnerabilities based on their exploitability and potential impact to business operations.
- Work directly with IT teams to provide guidance and technical recommendations for patching and configuration changes.
- Track remediation efforts to ensure vulnerabilities are addressed in a timely manner.
- Collaboration & Communication
- Act as a liaison between security operations and IT/business units.
- Provide technical guidance to Tier 1 analysts.
- Communicate security findings and recommended actions to stakeholders in clear, non-technical language.
- Continuous Improvement
- Recommend and implement process and tooling enhancements.
- Maintain and refine incident response runbooks and escalation procedures.
What you need to have
- 8+ years of experience in security operations, incident response, or related field.
- Hands-on experience with SIEM, EDR, and network security tools.
- Strong understanding of threat actors, attack techniques (MITRE ATT&CK), and incident response best practices.
- Ability to analyze logs, packets, and system behavior to detect and investigate malicious activity.
- Excellent written and verbal communication skills.
What we'd like you to have
- Experience in a small-team environment with cross-functional responsibilities.
- Familiarity with cloud security monitoring (AWS, Azure, or GCP).
- Industry certifications such as Security+, CySA+, GCIH, GCIA, or similar.
- Scripting skills (Python, PowerShell, or Bash) for automation.
About BigBear.ai
BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Bigbear.ai's predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai/ and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai. BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.
|