iimjobs
Job Views: 299
Applications:  78
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

1684522

Role Summary:


The Cyber Data Analyst transforms security telemetry into actionable insights that strengthen threat detection, reduce risk, and improve security decision-making. This role aggregates data from SIEM, EDR, vulnerability scanners, cloud platforms, and identity systems to produce analytics, dashboards, and reports that support cybersecurity operations, incident response, and exposure management.


Key Responsibilities:

Security Data Analysis:


- Analyze logs, alerts, and telemetry from SIEM, EDR, NDR, CASB, IAM, cloud security, and vulnerability tools to identify anomalies, trends, and emerging risks.


- Correlate events across multiple data sources to support investigations, threat hunting, and risk assessments.


- Conduct baseline and behavioral analytics to detect deviations, insider threats, and suspicious activity.


Data Integration & Modeling:


- Ingest, cleanse, normalize, and enrich cybersecurity data from diverse platforms.


- Build and maintain data models, lookup tables, and reference mappings (assets, users, applications, business units).


- Ensure data quality, completeness, and consistency across security sources.


Reporting & Visualization:


- Develop dashboards, scorecards, and automated reports for SOC, security engineering, leadership, and compliance teams.


- Create metrics and KPIs (MTTR, alert volumes, exposure trends, endpoint coverage, detection health).


Threat & Risk Insights:


- Identify critical risks such as recurring vulnerabilities, compromised accounts, behavioral anomalies, or attack surface gaps.


- Support exposure management by correlating vulnerabilities with asset criticality and threat intelligence.


Support for SOC, IR, and Engineering:


- Provide analytical support during security incidents (timeline reconstruction, data extraction, enrichment, event mapping).


- Partner with engineering teams to improve logging, telemetry, and detection coverage.


Continuous Improvement:


- Recommend enhancements to data pipelines, detection logic, dashboards, and monitoring.


- Document analytical processes, data definitions, and knowledge assets.


Required Qualifications:

Experience:


- 2-5+ years in cybersecurity analytics, SOC, threat detection, vulnerability management, or security engineering with a strong data focus.


Technical Skills:


- Strong SQL querying skills and experience with Python for analysis/automation.


- Proficiency with BI tools (Power BI, Tableau, Looker) and data modeling concepts.


- Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, QRadar, etc.).


- Familiarity with EDR/NDR, cloud security tools, vulnerability scanners (Tenable, Qualys), and identity platforms (AD/Entra, IAM/PAM).


- Understanding of TCP/IP, logs (Windows/Linux), authentication events, and common attack patterns.


Domain Knowledge:


- Knowledge of cybersecurity frameworks (MITRE ATT&CK, NIST CSF).


- Understanding of detection engineering, incident response, and exposure/risk management.


Soft Skills:


- Strong analytical thinking, problem-solving, and ability to interpret complex datasets.


- Excellent communication and data-storytelling capabilities.


- Ability to collaborate with SOC analysts, engineers, and business stakeholders.


Preferred Qualifications:

- Experience with cloud platforms (AWS, Azure, GCP) and cloud logging.

- Knowledge of automation/orchestration (SOAR, Python scripts).


- Familiarity with CMDB, asset inventories, and data governance concepts.


- Understanding of machine learning basics for anomaly detection (optional).


Core Competencies:

- Analytical Rigor - Ability to process and interpret large, noisy security datasets.


- Data Quality Mindset - Ensures accuracy, consistency, and completeness of security data.


- Threat-Informed Thinking - Aligns analysis to threat actor behaviors and real-world risks.


- Outcome-Focused - Prioritizes insights that reduce risk and strengthen security posture.
