Logo for BigBear.ai

Cyber Security Operations Analyst II

Role overview

Qualifications

  • 8+ years of experience in security operations, incident response, or related field
  • Hands-on experience with SIEM, EDR, and network security tools
  • Strong understanding of threat actors, attack techniques (MITRE ATTCK), and incident response best practices
  • Excellent written and verbal communication skills

Responsibilities

  • Monitor and triage alerts from SIEM, EDR, email security, and other monitoring tools
  • Lead response for medium-to-high severity incidents
  • Tune and maintain SIEM, EDR, and other security platforms to improve detection fidelity
  • Act as a liaison between security operations and IT/business units

About the company

BigBear.ai logo

BigBear.ai

Artificial Intelligence & Machine Learning Services

BigBear.ai’s mission is to deliver clarity for the world’s most complex decisions. BigBear.ai’s AI-powered, decision intelligence solutions are leveraged in three core markets: global supply chains & logistics, autonomous systems and cyber. BigBear.ai’s customers, which include the US Intelligence Community, Department of Defense, the US Federal Government, as well as complex manufacturing and warehouse operations, distribution, and healthcare and life sciences, all rely on BigBear.ai’s solutions to empower leaders to decide on the best possible scenario by creating order from complex data, identifying blind spots, and building predictive outcomes.

Company details

Company typeSME
IndustryArtificial Intelligence & Machine Learning Services
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Overview:

BigBear.ai is seeking a Cybersecurity Operations Analyst to join our team. In this role, you will serve as the primary escalation point for security alerts, incidents, and threat investigations. You will analyze, contain, and remediate security events, working closely with IT and business teams to protect our systems, data, and users.As part of a small team, you will have the opportunity to own multiple aspects of security operations, including monitoring security systems, responding to events, refining detection processes, and driving continuous improvements to our defensive capabilities. This is a chance to make a real impact and mature our security operations program. 

What you will do:
  • Threat Detection & Investigation
    • Monitor and triage alerts from SIEM, EDR, email security, and other monitoring tools.
    • Investigate escalated alerts from MSSP or automated detections.
    • Perform threat hunting based on IOCs, suspicious activity, and threat intelligence.
  • Incident Response
    • Lead response for medium-to-high severity incidents.
    • Conduct root cause analysis and document findings in post-incident reports.
    • Coordinate with internal teams to contain and eradicate threats.
  • Security Tool Management
    • Tune and maintain SIEM, EDR, and other security platforms to improve detection fidelity.
    • Develop custom detection rules, dashboards, and reports.
  • Vulnerability & Risk Management
    • Lead the lifecycle of vulnerability management, from scanning and analysis to remediation tracking.
    • Validate and prioritize vulnerabilities based on their exploitability and potential impact to business operations.
    • Work directly with IT teams to provide guidance and technical recommendations for patching and configuration changes.
    • Track remediation efforts to ensure vulnerabilities are addressed in a timely manner.
  • Collaboration & Communication
    • Act as a liaison between security operations and IT/business units.
    • Provide technical guidance to Tier 1 analysts.
    • Communicate security findings and recommended actions to stakeholders in clear, non-technical language.
  • Continuous Improvement
    • Recommend and implement process and tooling enhancements.
    • Maintain and refine incident response runbooks and escalation procedures.
What you need to have:
  • 8+  years of experience in security operations, incident response, or related field.
  • Hands-on experience with SIEM, EDR, and network security tools.
  • Strong understanding of threat actors, attack techniques (MITRE ATT&CK), and incident response best practices.
  • Ability to analyze logs, packets, and system behavior to detect and investigate malicious activity.
  • Excellent written and verbal communication skills.
What we'd like you to have:
  • Experience in a small-team environment with cross-functional responsibilities.
  • Familiarity with cloud security monitoring (AWS, Azure, or GCP).
  • Industry certifications such as Security+, CySA+, GCIH, GCIA, or similar.
  • Scripting skills (Python, PowerShell, or Bash) for automation.
About BigBear.ai:

BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Bigbear.ai’s predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai/ and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.

 

BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.

 

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Operations Center (SOC) Analyst Related jobs

Other jobs at BigBear.ai

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.