Your browser cookies must be enabled in order to apply for this job. Please contact if you need further instruction on how to do that.

Security Analyst Team Lead

IT | Denver, CO | Full Time

Job Description

Have you been working in IT security for over 5 years and want to focus on leading a Security Analyst team? DirectDefense is looking for a Security Analyst Team Lead who excels at security research, threat detection, mentoring other Security Analysts, planning, and the ability to communicate with non-security professionals.

DirectDefense’s mission is to provide quality cybersecurity services to our customers. Your responsibilities as a Security Analyst Team Lead involve handling diverse security-related tasks and issues for our growing Security Operations service. From security research to keeping up with the latest threats and trends in security, you will be tasked with understanding and resolving a variety of potential security issues across multiple infrastructures. As a Security Analyst Team Lead, you will also handle the investigation of events to provide clear and concise reports for technical and business audiences that include your recommendations for threat mitigation. In addition to working directly with customers, you will also be working with the DirectDefense Development team to continuously improve and refine the Security Operations service.

If you’re excited to move to a position where you can be lead a team that focuses on security, provides security across a multitude of industries, and gain a wide range of experiences, apply for our Security Analyst Team Lead position!


  • Serve as subject matter expert for pre-sales opportunities
  • Serve as primary onboarding specialist for onboarding new clients, while fostering growth amongst the team to also perform these duties
  • Maintain schedule for MSP services shifts
  • Maintain communication and team related goals to meet MSP team objectives and related customer support events
  • Provide feedback and communication to management on team performance and staffing needs
  • Maintain continuity and expectations for office culture, such as, days to be present and in office work schedule
  • Monitoring and analyzing logs and alerts from a variety of different technologies (IDS/IPS, Firewall, Proxies, Anti-Virus, SIEM, etc…), across multiple platforms
  • Assessing the security impact of security alerts and traffic anomalies on networks
  • Creating comprehensive security write-ups which articulate security issues, analysis and remediation techniques
  • Escalating and explaining security incidents
  • Maintaining a strong awareness and understanding of the current threat landscape
  • Conducting research on emerging security threats
  • Monitor information security alerts though the use of SIEM to respond, triage, and escalate as needed
  • Review and respond to security events that are detrimental to the overall security posture; analyze and detect sophisticated and nuanced attacks, discern false positives
  • Perform day-to-day security log review and analysis in adherence with SOX & PCI requirements, as well as industry security best practices.
  • Technical analysis of network activity, monitors and evaluates network flow
  • Responsible for reporting, escalating, and remediating anomalous events based on the established protocol
  • Participate in root cause analysis of critical events for improving preventative and reactive processes
  • Works with senior leadership to tune and maintain the SIEM (Security Information and Event Management) as needed; develop SIEM use cases to enhance monitoring capabilities
  • Responsible for gathering and responding to all assessment / audit requests for information
  • Accumulate IOC’s from intel sources and configure scans across end points.

Required Skills:

  • Minimum 7-10 years information security experience in Security Operations or related technical security function
  • Minimum 3 years of experience in a team lead or management role
  • Minimum 3 years of experience in working with external customers
  • Experience in handling security incidents, to include reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs) with a strong desire to apply this experience to the automation of security operations
  • Experience identifying malicious attackers, and understanding attack vectors, threat tactics, and attacker techniques
  • Experience with enterprise information security data management tools