Remote Cyber Analyst jobs – Full‑Time Security Analyst (SIEM & Incident Response) – Kokomo, Indiana – $120k‑$150k – Senior‑Level Opportunity

TITLE:Remote Cyber Analyst jobs – Full‑Time Security Analyst (SIEM & Incident Response) – Kokomo, Indiana – $120k‑$150k – Senior‑Level Opportunity --- Why we’re hiring nowOur Security Operations Center (SOC) in Kokomo, Indiana has just completed a major migration to a hybrid‑cloud environment. That shift doubled the volume of log data we ingest, and our detection‑to‑response time slipped from 20 minutes to 30 minutes on average. The leadership team set a hard goal: cut the mean time to acknowledge (MTTA) back to under 20 minutes within the next six months while keeping our false‑positive rate below 3 %.To hit those numbers we need an experienced cyber analyst who can own the end‑to‑end incident workflow, mentor junior staff, and champion automation across our toolchain. Our story, in a nutshell Since 2017, the company behind the software you use daily (think SaaS collaboration, remote work tools, and a handful of B2B platforms) has been expanding its product suite from a single‑tenant offering to a multi‑tenant, container‑orchestrated architecture. Security grew from a three‑person team in the basement of our Kokomo, Indiana office to an eight‑analyst, 24‑hour SOC that now covers three continents.We’ve survived two ransomware attempts, a supply‑chain compromise, and an ongoing wave of credential‑stuffing attacks. Each incident taught us a lesson that we turned into a new playbook, a dashboard, or a Python automation script. The team you’ll join - Size: 8 full‑time security analysts (including 2 senior investigators) + 3 threat‑intel researchers - Coverage: 24 × 7, with a 30‑minute SLA for initial alert acknowledgment and a 2‑hour SLA for first‑time containment - Metrics: In the last fiscal year we lowered the average incident resolution time by 15 % and improved detection coverage to 96 % of high‑risk events - Culture: We run daily “stand‑up huddles” at 9 am Kokomo time, weekly “post‑mortem debriefs,” and a monthly “pizza‑and‑learn” where anyone can present a new technique > “I still remember the night we caught the ransomware drip‑feed because our analyst built a custom Splunk query in a coffee‑break.It saved the company a week of downtime and taught me the power of curiosity.” – Jordan,Senior Security Engineer, Kokomo, Indiana What a day looks like (remote, but anchored to Kokomo, Indiana) 1. Morning triage (9:00‑10:30 Kokomo time) – Review the SIEM dashboard (Splunk + Azure Sentinel), prioritize alerts based on risk scoring, and assign the top three to the incident response queue. 2. Investigation sprint (10:30‑12:30) – Pull packet captures from Wireshark, run YARA rules against the Elastic Stack, and if needed fire off a Metasploit exploit in a sandbox to confirm the payload.3. Lunch break (12:30‑13:15) – We encourage stepping away from the screen, and our “virtual coffee club” syncs people across time zones. 4. Response & remediation (13:15‑15:45) – Use Palo Alto Cortex XSOAR playbooks to isolate compromised hosts, push a PowerShell script to rotate secrets, and document every step in ServiceNow. 5. Automation & tune‑up (15:45‑17:00) – Build or refine Python automations, tweak the Tenable vulnerability scanner policies, and update the detection library in the internal knowledge base.6. Wrap‑up (17:00‑17:30) – Update the shift handoff log, flag any open tickets for the night‑shift analyst, and post a quick “what‑we‑learned” note on the team Slack channel. The schedule flexes for different time zones, but the rhythm stays the same: triage, deep‑dive, contain, automate, share. Core responsibilities - Alert triage & enrichment – Consume feeds from Splunk, Azure Sentinel, Elastic, and proprietary log parsers; enrich with threat‑intel from MISP and open‑source feeds. - Incident investigation – Perform forensic analysis on Windows, Linux, and container environments; extract artifacts with Volatility, examine network flows in Wireshark, and reconstruct attack timelines.- Containment & eradication – Execute playbooks in Palo Alto Cortex XSOAR, write custom scripts in Python/PowerShell, and coordinate with engineers to patch vulnerabilities identified by Tenable or Nessus. - Root‑cause analysis – Publish post‑mortems that include quantitative impact (e.g., “saved $250k in downtime”), lessons learned, and actionable recommendations. - Automation development – Build reusable detection queries, develop automated enrichment pipelines, and contribute code to our internal GitHub repos (Python, Bash, YAML).- Metrics & reporting – Track MTTA, MTTR, false‑positive rates, and produce weekly KPI dashboards for leadership in Tableau. - Mentorship – Guide junior analysts on log analysis, teach best practices for OSINT, and lead the quarterly “SOC Skills Lab.” Tools you’ll be using (8‑12 core) 1. Splunk Enterprise (search, dashboards, alerts) 2. Azure Sentinel (cloud SIEM) 3. Elastic Stack (ELK) for log aggregation 4. Palo Alto Cortex XSOAR (playbooks, orchestration) 5. Wireshark (packet capture & analysis) 6. Metasploit Framework (exploit verification) 7.Tenable.io & Nessus (vulnerability scanning) 8. Burp Suite (web app testing) 9. Python (automation scripts, data parsing) 10. PowerShell (Windows endpoint response) 11. ServiceNow (ticketing & workflow) 12. GitHub (code versioning, CI/CD) Who you are -Experience: 4‑7 years as a security analyst, security engineer, or penetration tester with a proven track record of handling incidents from detection to remediation. - Certifications (preferred, not required): CISSP, GSEC, OSCP, or equivalent. - Technical chops: Comfortable writing Python scripts to query APIs, using PowerShell for endpoint actions, and reading raw PCAP files in Wireshark.You can explain “why” a rule fires as clearly as “how” to fix it. - Analytical mindset: You treat every alert as a hypothesis, gather evidence, and make data‑driven decisions. - Communication: Able to write concise incident reports and present findings to both technical peers and non‑technical executives. - Collaboration: Thrive in a remote‑first environment but enjoy the “local vibe” of our Kokomo, Indiana team—joining the occasional in‑person meetup or quarterly off‑site. Why we’re different - Clear impact metrics:Your work feeds directly into a KPI board that the executive team reviews every month—no vague “make us safer” promises.- Automation first: 40 % of our incident response steps are already automated; you’ll expand that to 60 % within a year. -Career growth: We budget $5k per analyst for conferences (RSAC, Black Hat, SANS) and internal training, plus a mentorship track toward Lead Analyst or SOC Manager. -Remote flexibility with a home base: While the role is fully remote, we keep a small “hub” in Kokomo, Indiana for occasional live collaboration, and you’ll be part of that community. Compensation & benefits (full‑time) -Salary range: $120,000 – $150,000 base, commensurate with experience and certifications.- Bonus: Up to 12 % annual performance‑based bonus tied to incident‑reduction metrics. - Equity: Stock options that vest over four years. - Health: Medical, dental, vision with 100 % employer contribution for employee only. - Retirement: 401(k) with 5 % company match. - Time off: 25 vacation days + 10 public holidays; unlimited sick days. - Learning budget: $5,000 per year for certifications, conferences, or courses. - Equipment: Home office stipend ($2,000) plus optional ergonomic accessories. Application process (what to expect) 1.Resume & cover letter – Highlight a recent incident you owned, the tools you used, and the measurable outcome. 2. Phone screen (30 min) – With the hiring manager (based in Kokomo, Indiana) to discuss motivation and fit. 3. Technical assessment (take‑home) – A short case study where you analyze a mock log set in Splunk and write a concise incident report. 4. Live interview (90 min) – Two‑part: a deep‑dive technical conversation with a senior analyst, followed by a culture interview with the SOC lead. 5. Offer – If all goes well, we’ll extend a written offer within 5 business days.A final word from the team > “When I first joined, I was skeptical about working remotely for a security team that had a physical SOC. After six months, I can’t imagine a better blend of autonomy and camaraderie. The fact that we’re all tied to Kokomo, Indiana gives us a shared purpose, even when we’re miles apart.” – Maya, Junior Analyst, Kokomo, Indiana If you’re ready to own the full incident lifecycle, mentor the next generation of analysts, and see the direct impact of your work on our security posture, we’d love to hear from you.and help us turn data into decisive action. --- * We are an equal‑opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.* Apply tot his job