Sr. Threat Operations Analyst

Job Summary

We’re hiring a Threat Detection Analyst to strengthen and scale our detection and response capabilities across Kaseya’s platforms. This role focuses on investigating security alerts, improving detection logic, and driving initiatives that enhance overall security posture. You’ll work across teams to identify threats, refine processes, and ensure effective monitoring and response to security events. Success in this role means consistently improving detection quality, reducing response time, and contributing to a more resilient security environment.

Roles & Responsibilities

• Investigate, triage, and respond to security alerts across multiple systems and environments
• Monitor networks, systems, and high-value assets to detect and respond to potential threats
• Analyze and prioritize security events based on severity, impact, and risk
• Improve detection capabilities by refining alert logic, tuning rules, and reducing false positives
• Document incidents, response actions, and workflows to support consistent operations
• Partner with internal teams (Engineering, IT, Risk) to coordinate response and remediation efforts
• Contribute to ongoing improvements in security monitoring, tooling, and processes
• Support incident response efforts and post-incident analysis

Required Qualifications

• 3–6 years of experience in a Security Operations Center (SOC), threat detection, or cybersecurity role
• Experience investigating and responding to security alerts in a production environment
• Experience working with SIEM, EDR, or similar security monitoring tools
• Experience analyzing security events and determining severity and impact
• Experience documenting incidents and maintaining investigation records

Preferred Qualifications

• Experience improving detection rules, alert tuning, or reducing false positives
• Familiarity with monitoring high-value assets or critical infrastructure
• Exposure to incident response processes or threat hunting
• Understanding of networking fundamentals and common attack patterns
• Relevant certifications (e.g., Security+, GSEC, BTL1, SSCP)
• Participation in cybersecurity communities, labs, or continuous learning initiatives