Cybersecurity Analyst l

Cybersecurity Analyst I (Contractor, 40 hrs/week)

Doma is looking for a Cybersecurity Analyst l to join our team as a contractor working 40 hours per week working from 10:00 EST to 7:00 EST (1 hour lunch break). This position is responsible for understanding, identifying, and reporting on the organization's privacy and security requirements.

At Doma we’re re‑architecting the closing experience to make home ownership simple and transparent for everyone. Security is at the heart of that mission. As a Cybersecurity Analyst you’ll safeguard technology ecosystems, collaborate with teams to spot threats before they strike, and help shape a security culture people are proud to champion. If you crave purpose, autonomy, and the chance to see your work immediately improve real lives, this is your seat at the table.

Responsibilities

Incident Response & Investigations

• Triage, contain, and eradicate security incidents end‑to‑end—owning SIEM alerts all the way through root‑cause analysis and executive read‑outs.
• Correlate logs with Kusto Query Language (KQL) in SIEM tools to uncover patterns others miss.
• Maintain an investigation playbook repository and publish post‑incident lessons learned within 24 hours.

Phishing Awareness & Human‑Risk Reduction

• Design data‑driven phishing simulations each month, segmenting by risk tier and driving click‑rates below 5 percent.
• Deliver empathetic micro‑trainings and town‑halls that transform missteps into memorable learning moments.

Vendor Security Reviews

• Lead due‑diligence for all third‑party vendors, scoring them against NIST 800-53 and ISO 27001 controls.
• Follow-up and remediate risk scoring directly with vendors and internal owners; log and track residual risk in our VRC platform.

Threat Hunting & Monitoring

• Proactively hunt for indicators of compromise using threat‑intel feeds and custom KQL queries.
• Own dashboards that surface trending threats and actionable KPIs the Cybersecurity Engineering Manager relies on for leadership updates.

Policy & Program Advancement

• Contribute to policy reviews, BCP/DR tabletop exercises, and compliance audits (SOC 2 Type 2, CCPA, GLBA).
• Champion a “security‑by‑design” mindset across sprint ceremonies and product lifecycles.

Continuous Improvement & Learning

• Track emerging TTPs and propose at least one tooling or process enhancement every quarter.
• Be ready to continuously learn and expand by —sharing your passion for curiosity, experimentation, and lifelong growth.

Preferred Skills & Experience

• Education & Foundations
• Bachelor’s degree in Cybersecurity, Computer Science, Information Assurance, or related discipline (or equivalent experience) preferred.
• Technical Foundation
• 1+ year hands‑on in incident response, SOC operations, or privacy investigations.
• Proficiency with SIEM platforms— Microsoft Sentinel or Splunk.
• Working knowledge of KQL for advanced log analytics.
• Familiarity with email‑security and phishing‑simulation tools (e.g., KnowBe4, Proofpoint).
• Basic scripting in PowerShell, Bash, or Python for troubleshooting, automation, and reporting.
• Understanding of cloud platforms (AWS, Azure) and container security fundamentals.
• Frameworks & Methodologies
• Comfort aligning controls with NIST CSF, CIS Controls, ISO 27001, and SOC 2.
• Exposure to MITRE ATT&CK for threat modeling and detection logic.
• Soft Skills that Set You Apart
• Storytelling—distill complex technical findings into plain‑English business impact.
• Empathy—coach, don’t scold; build relationships that invite security early and often.
• Unshakable curiosity—eager to chase a log trail until 2 a.m. if that’s what the risk demands.
• Self‑starter mentality—spot trends and propose fixes without waiting for permission.
• Certifications (nice to have)
• CompTIA Security+, Network+, or SSCP
• GIAC GMON/GCIH, Microsoft SC‑200, or AWS/Azure security certs

What success looks like after 3 months

• Mean time to detect (MTTD) reduced by 30 % through refined queries.
• Organization‑wide phishing susceptibility cut in half.
• 100 % of high‑risk vendors have remediation plans in place or accepted risk sign‑off.
• Security is seen not as a gatekeeper but as a strategic enabler—because you made it that way.

The honor of joining Doma

When you accept this role, you become a guardian of trust for every team member and associate we serve. You’ll belong to a passionate team that celebrates diverse ideas, invests in your growth, and genuinely cares about your wellbeing. If that sounds like a mission worth defending, we can’t wait to meet you.