Remote Cyber Analyst jobs – Full‑Time Security Analyst (SIEM & Incident Response) – Kokomo, Indiana – $120k‑$150k – Senior‑Level Opportunity

TITLE: Remote Cyber Analyst jobs – Full‑Time Security Analyst (SIEM & Incident Response) – Kokomo, Indiana – $120k‑$150k – Senior‑Level Opportunity --- Why we’re hiring now Our Security Operations Center (SOC) in Kokomo, Indiana has just completed a major migration to a hybrid‑cloud environment. That shift doubled the volume of log data we ingest, and our detection‑to‑response time slipped from 20 minutes to 30 minutes on average. The leadership team set a hard goal: cut the mean time to acknowledge (MTTA) back to under 20 minutes within the next six months while keeping our false‑positive rate below 3 %. To hit those numbers we need an experienced cyber analyst who can own the end‑to‑end incident workflow, mentor junior staff, and champion automation across our toolchain. Our story, in a nutshell Since 2017, the company behind the software you use daily (think SaaS collaboration, remote work tools, and a handful of B2B platforms) has been expanding its product suite from a single‑tenant offering to a multi‑tenant, container‑orchestrated architecture. Security grew from a three‑person team in the basement of our Kokomo, Indiana office to an eight‑analyst, 24‑hour SOC that now covers three continents. We’ve survived two ransomware attempts, a supply‑chain compromise, and an ongoing wave of credential‑stuffing attacks. Each incident taught us a lesson that we turned into a new playbook, a dashboard, or a Python automation script. The team you’ll join - Size: 8 full‑time security analysts (including 2 senior investigators) + 3 threat‑intel researchers - Coverage: 24 × 7, with a 30‑minute SLA for initial alert acknowledgment and a 2‑hour SLA for first‑time containment - Metrics: In the last fiscal year we lowered the average incident resolution time by 15 % and improved detection coverage to 96 % of high‑risk events - Culture: We run daily “stand‑up huddles” at 9 am Kokomo time, weekly “post‑mortem debriefs,” and a monthly “pizza‑and‑learn” where anyone can present a new technique > “I still remember the night we caught the ransomware drip‑feed because our analyst built a custom Splunk query in a coffee‑break. It saved the company a week of downtime and taught me the power of curiosity.” – Jordan, Senior Security Engineer, Kokomo, Indiana What a day looks like (remote, but anchored to Kokomo, Indiana) 1. Morning triage (9:00‑10:30 Kokomo time) – Review the SIEM dashboard (Splunk + Azure Sentinel), prioritize alerts based on risk scoring, and assign the top three to the incident response queue. 2. Investigation sprint (10:30‑12:30) – Pull packet captures from Wireshark, run YARA rules against the Elastic Stack, and if needed fire off a Metasploit exploit in a sandbox to confirm the payload. 3. Lunch break (12:30‑13:15) – We encourage stepping away from the screen, and our “virtual coffee club” syncs people across time zones. 4. Response & remediation (13:15‑15:45) – Use Palo Alto Cortex XSOAR playbooks to isolate compromised hosts, push a PowerShell script to rotate secrets, and document every step in ServiceNow. 5. Automation & tune‑up (15:45‑17:00) – Build or refine Python automations, tweak the Tenable vulnerability scanner policies, and update the detection library in the internal knowledge base. 6. Wrap‑up (17:00‑17:30) – Update the shift handoff log, flag any open tickets for the night‑shift analyst, and post a quick “what‑we‑learned” note on the team Slack channel. The schedule flexes for different time zones, but the rhythm stays the same: triage, deep‑dive, contain, automate, share. Core responsibilities - Alert triage & enrichment – Consume feeds from Splunk, Azure Sentinel, Elastic, and proprietary log parsers; enrich with threat‑intel from MISP and open‑source feeds. - Incident investigation – Perform forensic analysis on Windows, Linux, and container environments; extract artifacts with Volatility, examine network flows in Wireshark, and reconstruct attack timelines. - Containment & eradication – Execute playbooks in Palo Alto Cortex XSOAR, write custom scripts in Python/PowerShell, and coordinate with engineers to patch vulnerabilities identified by Tenable or Nessus. - Root‑cause analysis – Publish post‑mortems that include quantitative impact (e.g., “saved $250k in downtime”), lessons learned, and actionable recommendations. - Automation development – Build reusable detection queries, develop automated enrichment pipelines, and contribute code to our internal GitHub repos (Python, Bash, YAML). - Metrics & reporting – Track MTTA, MTTR, false‑positive rates, and produce weekly KPI dashboards for leadership in Tableau. - Mentorship – Guide junior analysts on log analysis, teach best practices for OSINT, and lead the quarterly “SOC Skills Lab.” Tools you’ll be using (8‑12 core) 1. Splunk Enterprise (search, dashboards, alerts) 2. Azure Sentinel (cloud SIEM) 3. Elastic Stack (ELK) for log aggregation 4. Palo Alto Cortex XSOAR (playbooks, orchestration) 5. Wireshark (packet capture & analysis