Remote Cybersecurity Analyst jobs – Burlington, North Carolina – Full‑Time InfoSec Analyst (Python, Splunk, AWS Security Hub) – $95k‑$115k – Junior‑to‑Mid‑Level

---

#### Who we are

At Vanguard Edge, we’re a 150‑person software‑security consultancy that grew from a single‑person freelance operation to a multi‑discipline practice serving fintech, health‑tech, and municipal clients. Our headquarters live in Burlington, North Carolina, but most of the work we deliver happens over VPNs, cloud consoles, and a handful of shared terminals.

Last quarter, a client in the Midwest suffered a ransomware intrusion that forced them to shut down three of their production lines for 48 hours. The incident cost them $1.2 million in lost revenue and forced a rapid compliance audit. The breach sparked a cross‑team review that highlighted a gap in real‑time detection and triage – that’s why we’re expanding our core Security Operations Center (SOC) in Burlington, North Carolina right now.

We’re not looking for a “cyber‑guru” who knows every framework. We want someone who can roll up their sleeves, follow the playbook, and improve it when the data shows a better way. If you’ve spent the last two years digging into logs, hunting for anomalies, and working with ticketing tools, you’ll fit right in.

#### Why this role exists today

* The threat landscape in 2025 has shifted: supply‑chain attacks are 30 % more common than in 2023, according to the latest Verizon DBIR.
* Our SOC volume has risen 42 % year‑over‑year – we now handle an average of 850 alerts per week, with a target mean‑time‑to‑detect (MTTD) of under 15 minutes and a mean‑time‑to‑respond (MTTR) of under 45 minutes.
* One of our biggest enterprise clients in Burlington, North Carolina just migrated 40 % of their workloads to AWS, demanding continuous compliance monitoring (PCI‑DSS, HIPAA).
* Our leadership has earmarked a $3.4 million budget for threat‑intel subscriptions and automated playbooks for the next 12 months.

All of that means we need more hands on deck, and we need those hands to be comfortable working remotely while staying plugged into the rhythm of our Burlington, North Carolina team.

#### What you’ll actually do (a day in the life)

1. Monitor the security stack – watch dashboards in Splunk Enterprise, Azure Sentinel, and AWS Security Hub for spikes, false positives, and patterns that deviate from baseline.
2. Investigate alerts – use Wireshark and Elastic Stack to collect packet captures, then pivot to endpoint logs (Windows Event Logs, Sysmon) and cloud‑trail data.
3. Run triage tickets – create, assign, and close incidents in ServiceNow, keeping SLA compliance at 99 % for the 4‑hour initial response window.
4. Perform basic threat‑hunting – write Python scripts (pandas, requests) and PowerShell cmdlets to pull IAM permission changes, examine DNS query logs, and search for IOCs reported by our threat‑intel feeds (Recorded Future, MISP).
5. Document findings – produce concise post‑mortems in Confluence and share them on the nightly Slack channel #sec‑wrap‑up.
6. Assist the penetration testing team – when a scheduled pentest arrives, help set up the environment in Tenable Nessus, verify network segmentation, and verify that findings are reproduced before they’re handed off.
7. Collaborate on compliance – run quarterly audits of PCI‑DSS and HIPAA controls using the automated checks in Qualys and the manual artifact collection in GitHub.
8. Participate in on‑call rotation – you’ll be on call one week out of four, with a hand‑off hand‑book that defines the escalation path to our senior security engineer (who lives two blocks away from the downtown Burlington office, should you ever want to meet in person).

#### Tools you’ll be using (our current toolbox)

* Splunk Enterprise
* Azure Sentinel
* AWS Security Hub
* Wireshark (network packet analysis)
* Elastic Stack (ELK)
* Tenable Nessus & Qualys
* Palo Alto Panorama (firewall policy)
* Python (3.10+) & PowerShell
* ServiceNow (incident & change management)
* JIRA (tracking of security tickets)
* GitHub (code review & policy as code)
* Confluence & Slack (knowledge sharing)

You don’t need to be an expert in every product, but you should be comfortable navigating at least six of them and have a willingness to learn the others.

#### What we measure

* Alert response time – average under 18 minutes for “high” priority.
* Incident resolution time – keep MTTR below 42 minutes, measured monthly.
* False‑positive rate – aim for ≤ 12 % of total alerts, tracked in Splunk.
* Compliance coverage – 100 % of required controls documented and re‑tested each quarter.
* Team health – we run a quarterly “pulse” survey; we expect at least an 80 % satisfaction score on workload balance.

These metrics are posted on a public scoreboard inside the SOC, and we review them together during our weekly “War Room” stand‑up at 09:30 AM Central (the time zone of Burlington, North Carolina).

#### Who you are

| Requirement | Details |
|--------------|---------|
| Experience | 2‑4 years in a SOC, Blue‑Team, or related InfoSec analyst role. Experience handling 400+ alerts per week is a plus. |
| Education | Bachelor’s in Computer Science, Information Security, or equivalent work experience. Certifications (CISSP, GSEC, CompTIA Security+) add credibility but are not mandatory. |
| Technical Skills | • Proficient in Splunk query language (SPL). • Familiar with Azure Sentinel KQL. • Comfortable writing Python scripts for log parsing. • Basic knowledge of cloud IAM (AWS, Azure). |
| Soft Skills | • Clear written communication – you’ll be drafting incident summaries for both technical and executive audiences. • Ability to stay calm when a breach spikes during off‑hours. • Willingness to mentor junior analysts (our team currently includes three analysts, one senior engineer, and a SOC manager). |
| Location | Must be legally authorized to work in the United States. The role is remote, but you should be comfortable aligning your schedule with the core hours of our Burlington, North Carolina office (07:00 – 15:00 CST). |
| Availability | Full‑time (40 hrs/week). Part‑time candidates may be considered if they can cover at least 30 hrs/week and commit to the on‑call rotation. |

#### What we offer – the real stuff

* Salary – $95,000 – $115,000 USD base, paid bi‑weekly.
* Bonus – up to 10 % annual performance bonus tied to the metrics above.
* Benefits – Medical, dental, vision, 401(k) match up to 4 %, and a flexible spending account.
* Remote stipend – $200 per month for home‑office equipment, internet, or coworking space near Burlington.
* Learning budget – $2,500 per year for certifications, conferences (Black Hat, RSA), or online courses (Pluralsight, Cybrary).
* Paid time off – 15 days of vacation + 10 days of sick leave, plus US federal holidays.
* Mental‑health support – access to an Employee Assistance Program and quarterly “well‑being workshops.”

We’re not a “tech startup” that promises equity in a product that hasn’t shipped. We’re a profitable services firm that invests a predictable portion of revenue back into the team. The numbers aren’t hidden: our FY‑24 revenue was $28 million, with a 12 % profit margin, and we have a stable client pipeline that will keep the SOC busy for at least the next 24 months.

#### A human moment

> “I still remember the night we detected an unauthorized SSH key on a client’s production server. It was 2 am, my coffee was cold, and my teammate in Burlington messaged me a meme about ‘when your alerts scream louder than your alarm clock.’ We worked side‑by‑side on a shared screen, and by 4 am the breach was contained.
> That moment reminded me why I stay in security – you get to protect real people’s work and sleep.” – Ari Patel, SOC Manager

#### How we work together

Even though the position is remote, we meet twice a month for a virtual “coffee‑catch‑up” where the team shares non‑technical wins (new hobbies, pet stories). Once a quarter we host a “Security Jam” – a 4‑hour, collaborative workshop where analysts, engineers, and product owners prototype a new detection rule or automation script. The session is recorded and posted to our internal GitHub repo, so you can contribute even if you’re not in the room.

Our Slack workspace is organized by function: #sec‑alerts, #sec‑hunts, #sec‑compliance, #sec‑fun. The #sec‑fun channel is where you’ll find jokes about phishing (the classic “your account has been compromised – click here”) and occasional gifs of cats stealing keyboards. We keep the culture light because the work can be intense.

#### Application process

1. Submit your resume – make sure it includes the tools listed above; we do a quick keyword scan for Splunk, Python, and Azure.
2. Phone screen (15 min) – with our Talent Acquisition Lead, focusing on your current responsibilities and why you prefer remote work.
3. Technical interview (60 min) – a live Splunk query exercise and a short Python script to parse a sample log file. You’ll share your screen; we’ll walk through your thought process.
4. Team interview (45 min) – a casual conversation with two analysts and our SOC Manager. Expect a few scenario questions (e.g., “What would you do if an alert spikes while you’re on a vacation day?”).
5. Offer – if everything aligns, we’ll send an offer letter within 3 business days, outlining salary, benefits, and start date.

If you’re ready to protect organizations from the threats that keep executives up at night, and you enjoy the rhythm of a remote SOC that still feels anchored to Burlington, North Carolina, we’d love to hear from you.

---

Vanguard Edge is an equal‑opportunity employer.
We celebrate diversity and are committed to building a team that represents a variety of backgrounds, perspectives, and skills. If you need accommodation during any part of the hiring process, let us know.

*Let's make the digital world a little safer, one alert at a time.*