Security Analyst (Cyber Defense Analyst)

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.

At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.

We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.

We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

AHEAD is seeking a Security Analyst to join our internal Platform Security team at the Chicago headquarters. This position contributes to the successful delivery of AHEAD’s information security program in order to assure AHEAD stakeholders and clients of strong operating controls. The security analyst is responsible for incident monitoring and reporting, coordinating company-wide security training and responding to client security questionnaires. A typical day will include reviewing and remediating alerts in our SIEM and working on information security-related projects. Responsibilities also include tracking the security posture of our mission critical technology vendors. Reporting directly to our Sr. Platform Security Manager, the ideal candidate must be a professional, collaborative team player that is comfortable working with people at all levels of the organization. Applicants should possess exceptional analytical, communication, follow-up and quality assurance skills along with an understanding of the Agile project management framework.

Responsibilites

• Monitor, triage, and analyze security alerts, telemetry, and log data across enterprise security platforms, including SIEM and other detection technologies.
• Perform in-depth analysis of exploits, attacker behavior, and anomalous activity across endpoint, identity, network, cloud, and application data sources.
• Review and correlate security events in the SIEM to identify threats, validate detections, and support timely incident declaration and escalation decisions.
• Document investigative findings, response actions, and evidence throughout the incident lifecycle, and provide timely status updates to leadership and stakeholders.
• Conduct proactive threat hunting and threat research to identify emerging risks, adversary techniques, and gaps in current detection coverage.
• Contribute to detection engineering and response automation efforts that improve Cyber Defense monitoring and containment capabilities.
• Support security tooling operations by helping maintain the effectiveness, reliability, and visibility of core defensive technologies used by the Cyber Defense team.
• Assist with the development and refinement of incident response processes, playbooks, workflows, and operational procedures to improve overall Cyber Defense effectiveness.
• Communicate intrusion activity, incident details, threat trends, and recommended actions clearly to internal stakeholders and leadership.
• Partner with infrastructure teams and system owners to review vulnerability findings, help prioritize remediation, and track closure of high-risk issues.

Qualifications

• 5+ years of experience in information security, ideally including direct experience in incident response, cyber defense, or security operations in a corporate or enterprise environment
• Hands-on experience with SIEM platforms, including creating and using searches, dashboards, alerts, and investigations; experience with CrowdStrike NG-SIEM strongly preferred
• Experience with Microsoft 365 security technologies, including Microsoft Defender XDR for email, identity, and collaboration platforms
• Basic knowledge of networking concepts and cloud environments, including AWS and Azure
• Foundational knowledge of Windows and macOS
• Strong written and verbal communication skills, including clear incident documentation and the ability to communicate technical findings to non-technical stakeholders in a global environment
• Familiarity with MITRE ATT&CK, NIST CSF, CIS Controls, or similar security frameworks is preferred
• Basic familiarity with scripting or query languages such as PowerShell, Python, or similar to support automation and analysis is preferred
• Experience supporting vulnerability management processes using tools such as Tenable and Wiz, including triage, validation, prioritization, and remediation tracking is preferred
• Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field

Certifications

• CCSP, GCIH, CySA+, GSEC, SSCP or similar cybersecurity certification required

Why AHEAD

Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.

We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.

India Employment Benefits include: Comprehensive health insurance coverage for employees, with options to extend coverage to dependents Paid time off and company holidays, along with additional leave benefits as per policy Flexible work arrangements, supporting work-life balance Learning and development opportunities to support continuous growth and upskilling Employee wellness initiatives and programs focused on physical and mental well-being Retirement and statutory benefits in line with India regulations Inclusive and people-first culture, with a strong focus on collaboration and ownership