Security Analyst II

Other Jobs To Apply

No other job posts for this day.

<p>Foresite is seeking a <strong>Security Analyst II</strong> who has a passion for security, a keen eye for detail, and a drive to protect organizations from cyberattacks. It's more than just a job; it's a launching pad for your cybersecurity career and a first step towards an exciting future at Foresite.</p><p class="MsoNormal"><strong>What You'll Do:</strong></p><p class="MsoNormal">The <strong>Security Analyst II</strong> is a critical mid-level role within Foresite’s Security Operations Center. You will work inside our 24/7 Cyber Fusion Center, handling escalated security alerts, leading complex investigations for our managed customers across Google Security Operations (Chronicle) and our SOAR platform, and serving as a subject matter expert for the broader team. You will leverage your advanced knowledge of our detection stack and customer environments to resolve intricate threats and will act as a mentor and escalation point for our Analyst I team.</p><ul><li class="MsoNormal"><p><strong>Act as an escalation point</strong>: Serve as the primary point of escalation for our Tier 1 Analysts. You will handle complex event triage escalations, guide junior analysts through difficult dispositions, and provide decisive action on high-severity alerts.</p></li><li class="MsoNormal"><p><strong>Be a point of information and mentorship: </strong>Act as a knowledge resource for the Analyst 1 team. Answer questions regarding investigations, customer environments, and tool navigation to help upskill the shift.</p></li><li class="MsoNormal"><p><strong>Investigate incidents end-to-end: </strong>Review complex alert context, gather evidence from Chronicle UDM and supporting tools, reach a final disposition, and either close the ticket with a documented rationale or escalate to Tier 3/Incident Response with a clear handoff.</p></li><li class="MsoNormal"><p><strong>Optimize investigation playbooks: </strong>Follow established playbooks for the detection stack, but actively identify gaps, propose workflow improvements, and help draft new guidance alongside your Team Lead to improve overall SOC efficiency.</p></li><li class="MsoNormal"><p><strong>Communicate clearly in tickets: </strong>Every ticket you touch should be understandable by the next analyst, the customer, or an auditor reading it six months from now. Your written analysis is the primary artifact of your work and should set the standard for Tier 1 analysts.</p></li><li class="MsoNormal"><p><strong>Partner with customers: </strong>Lead communications through the ticketing system on routine and complex investigations, requests for information, and exclusion/suppression requests.</p></li><li class="MsoNormal"><p><strong>Meet SLA and quality targets: </strong>Consistently meet performance scorecards for time-to-resolve, triage accuracy, and ticket closure quality, setting a benchmark for the shift.</p></li><li class="MsoNormal"><p><strong>Contribute to detection fidelity: </strong>Actively hunt for noisy rules, false-positive patterns, and alert clusters. Submit highly detailed tuning requests and recommendations to the detection engineering team.</p></li><li class="MsoNormal"><p><strong>Participate in shift handoff: </strong>Brief the incoming shift on open investigations, anomalies observed, and escalated items waiting on customer response.</p></li></ul><p class="MsoNormal"></p><p class="MsoNormal"><strong>Who you are:</strong></p><ul><li class="MsoNormal"><p><strong>Experience: </strong>2–4 years of prior experience in a SOC, incident response, or dedicated cybersecurity role.</p></li><li class="MsoNormal"><p><strong>Advanced knowledge of core security concepts: </strong>Deep understanding of the cyber kill chain and MITRE ATT&CK framework, common attack vectors (phishing, credential abuse, malware delivery, lateral movement), and hands-on experience with detection, prevention, and response tactics.</p></li><li class="MsoNormal"><p><strong>Proficiency with a SIEM: </strong>You have hands-on experience navigating SIEM platforms. You understand how alerts are generated, how to build advanced search queries, and how to pivot seamlessly from an alert to supporting log evidence to build a timeline of events.</p></li><li class="MsoNormal"><p><strong>Strong written communication: </strong>You will be writing in tickets that customers read. Clear, concise, accurate writing is non-negotiable.</p></li><li class="MsoNormal"><p><strong>Attention to detail: </strong>False positives and true positives often look nearly identical. You are the analyst who reads the full log line, not the summary, and you teach others to do the same.</p></li><li class="MsoNormal"><p><strong>Ability to work an assigned shift on-site in Overland Park: </strong>including weekend and holiday coverage as scheduled.</p></li><li class="MsoNormal"><p>CompTIA Sec+, CompTIA CySA+, BTL1, or equivalent certification is required within 90 days of hire if not already held.</p></li></ul><p class="MsoNormal"><strong>Nice to Have</strong></p><ul><li class="MsoNormal"><p>Hands-on experience with Google Security Operations (Chronicle), Splunk, Elastic, or Microsoft Sentinel</p></li><li class="MsoNormal"><p>BS of IT Security or Cyber Security</p></li><li class="MsoNormal"><p>Familiarity with endpoint detection and response tools (CrowdStrike, SentinelOne, Defender for Endpoint, Carbon Black)</p></li><li class="MsoNormal"><p>Intermediate scripting or query experience (Python, PowerShell, SQL, or YARA-L/SIEM query languages) to assist with automation or custom searches.</p></li><li class="MsoNormal"><p>Prior MSSP or multi-tenant environment experience</p></li><li class="MsoNormal"><p>Additional advanced certifications: GCIA, GCIH, Google Cloud Security Engineer, or similar.</p></li></ul><p class="MsoNormal"></p><p class="MsoNormal"><strong>Why Join Foresite?</strong></p><p class="MsoNormal">We are a mission-driven partner helping organizations navigate an increasingly complex threat landscape. Founded by security practitioners, we’ve grown into a global leader in SecOps and MDR by staying true to our core value: <strong>radical transparency.</strong> When you join Foresite, you are part of a "humans-first" culture where your expertise is valued, and your well-being is a priority. We leverage our <strong>Google Cloud Premier SecOps Partnership</strong> to stay at the cutting edge, but we know that our greatest asset is our people.</p><p class="MsoNormal"><strong>What We Offer</strong></p><ul><li class="MsoNormal"><p><strong>Comprehensive Health & Wellness:</strong> Robust medical insurance options to keep you and your family healthy.</p></li><li class="MsoNormal"><p><strong>Employer-Covered Insurance:</strong> We fully provide employer-paid <strong>Dental</strong> coverage, as well as <strong>Short-Term (STD)</strong> and <strong>Long-Term Disability (LTD).</strong></p></li><li class="MsoNormal"><p><strong>Recharge & Refuel:</strong> We believe in a true work-life balance. You’ll start with <strong>3 weeks of paid vacation</strong>, plus <strong>additional sick leave</strong> and paid company holidays to ensure you have time to recharge.</p></li><li class="MsoNormal"><p><strong>Growth & Mentorship:</strong> Access to world-class training and mentorship. We support your career trajectory, whether you’re looking to deepen your technical skills or move into leadership.</p></li><li class="MsoNormal"><p><strong>Impactful Work:</strong> Help protect global clients using the latest AI-enhanced security tools and GCP native technologies.</p></li></ul>

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...