Hiring! Cybersecurity Operations Analyst (remote)

Description: What are we looking for?

The Cybersecurity Operations Analyst supports and advances the organization’s Information Security program by protecting the enterprise against evolving cyber threats. This role is responsible for participating in incident response activities, investigating and analyzing security events, optimizing security controls, and collaborating cross-functionally to strengthen the organization’s overall security posture.

The Cybersecurity Operations Analyst provides hands-on technical leadership through proactive threat hunting and the continuous enhancement of detection and response capabilities. This position contributes to the ongoing evolution of Versant Health’s cybersecurity operations by leveraging leading security technologies, partnering with internal stakeholders, and staying current on emerging threats and attack methodologies.

Where you will have an impact

Security Hygiene & Control Validation

- Routinely audit and validate security control coverage (e.g., XDR, ZTNA, DLP) to ensure tools are operating effectively and protect 100% of intended assets.
- Partner with the SOC to ensure log integrity across security and non-security systems; validate alert scope, fidelity, and thresholds.
- Monitor the health and performance of security tools, performing root cause analysis when agents fail or policies are not properly applied.

Incident Response, Event Monitoring, & Threat Hunting

- Serve as the Tier 2 escalation point for the SOC and lead the full incident response lifecycle, from containment through recovery.
- Conduct proactive threat hunting using threat intelligence, SOC findings, and behavioral analysis to identify threats that bypass automated controls.
- Analyze threat intelligence to inform defensive strategies and continuously improve detection capabilities.
- Collaborate with the SOC to develop, refine, and maintain incident response playbooks aligned to business context.
- Monitor and analyze security alerts from SIEM, EDR, and other tools to identify and respond to potential threats.
- Implement and enforce security controls, policies, and procedures to protect organizational assets.

Blue, Red, and Purple Team Activities

- Engage in the development and execution of recurring security wargames, including scenario design and cross-functional participation.
- Actively participate in blue team activities focused on defensive security, detection, and incident response.
- Collaborate in purple team exercises to validate detection and response effectiveness against real-world attack scenarios.
- Participate in internal red team exercises, penetration tests, and simulated attacks to identify security gaps and control weaknesses.
- Perform adversary emulation by modeling tactics, techniques, and procedures (TTPs) of known threat actors.
- Share insights, lessons learned, and intelligence across teams to continuously improve security posture.
- Use findings from offensive testing to optimize SIEM rules, EDR/CASB/SWG policies, firewall configurations, and other security controls.
What’s necessary to do the job?

- 3+ years of experience in cybersecurity, with a focus on security operations and incident response

Technical Expertise

- Bachelor’s degree from an accredited college or university, or equivalent professional experience
- Hands-on experience administering and maintaining SIEM, EDR, and related security tools
- Understanding of networking concepts, TCP/IP, Active Directory, DNS, DHCP, and network defense technologies
- Proficiency with Windows, Linux, and macOS operating systems
- Experience with cloud security platforms (e.g., AWS, Azure)
- Knowledge of secure engineering principles and technical security testing methodologies

Job type: Full-time

Work mode: remote

To apply for this job please visit jobs.dayforcehcm.com.