Overview

BTVK Advisory is a leading advisory firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. BTVK Advisory, and its affiliated entities, have operations in North America, South America, Europe, Asia, and Australia. BTVK Advisory’s ultimate parent entity, Baker Tilly US, LLP, is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 141 territories, with 43,000 professionals and a combined worldwide revenue of $5.2 billion.

 
Baker Tilly is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status, gender identity, sexual orientation, or any other legally protected basis, in accordance with applicable federal, state or local law.

To be added to all ET through Experienced requisitions Any unsolicited resumes submitted through our website or to Baker Tilly Advisory Group, LP, employee e-mail accounts are considered property of Baker Tilly Advisory Group, LP, and are not subject to payment of agency fees. In order to be an authorized recruitment agency ("search firm") for Baker Tilly Advisory Group, LP, there must be a formal written agreement in place and the agency must be invited, by Baker Tilly's Talent Attraction team, to submit candidates for review via our applicant tracking system.

Job Description:

Responsibilities:

• Monitor and analyze security alerts across platforms like Microsoft Defender, Sentinel, ReliaQuest, LogRhythm, and other security tools.
• Investigate and respond to cybersecurity incidents, ensuring proper containment, eradication, and recovery.
• Conduct root cause analysis and document findings for post-incident reviews and process improvements.
• Collaborate with internal teams and external partners to enhance incident response capabilities.
• Maintain accurate, timely incident documentation in line with organizational and compliance standards.
• Develop, maintain, and refine incident response playbooks, procedures, and runbooks.
• Participate in post-incident reviews to recommend preventive measures and improvements.
• Support continuous improvement initiatives to strengthen the overall security posture.
• Participate in a shared on-call rotation, including weekends, with U.S. and global teams.
• Ensure effective communication during incidents and coordinate with stakeholders for resolutions.
   

Qualifications:

• Bachelor's degree is mandate, equivalent in Computer Science, Artificial Intelligence, Software Engineering, or a related field;
• Minimum 3 years of experience cybersecurity incident response, vulnerability management, or related security operations roles.
• Hands-on expertise with Microsoft Defender suite (Defender for Endpoint and Defender for M365) and Microsoft Sentinel, including KQL-based investigations.
• Proficiency with SIEM and security monitoring platforms such as ReliaQuest, LogRhythm, or equivalent tools.
• Working knowledge of CyberArk, AWS security monitoring, and enterprise security solutions including Azure Security Center.
• Strong experience in threat hunting, incident triage, endpoint detection and response (EDR), and security investigations.
• Solid understanding of threat detection methodologies, malware analysis, and the incident response lifecycle.
• Relevant cybersecurity certifications, such as CISSP (preferred), CEH, GIAC, or Microsoft Security certifications.
• Excellent written and verbal communication skills, with the ability to document incidents and communicate effectively in English.