Cybersecurity Operations Analyst

Aon Corporation, Virtual, TX
Remote

About The Position

The Cybersecurity Analyst – Threat Detection, Automation & SOC Operations is a hands-on role supporting Aon’s global Cybersecurity Command Center (AC3). This position is designed for SOC analysts (Level 1–3) focused on alert triage, incident investigation, and continuous improvement of detection and automation capabilities. The role involves monitoring and analyzing security events, responding to alerts, and enhancing alert quality, playbooks, and workflows. The analyst will collaborate closely with Security Operations, Threat Intelligence, Security Engineering, and Incident Response teams to ensure comprehensive coverage across endpoint, identity, cloud, email, and network environments. The ideal candidate is curious, analytical, and comfortable working directly with security tooling—investigating alerts, understanding attacker behavior, and contributing to the tuning and automation of SOC workflows.

Requirements

  • Minimum of 2 years of experience in a SOC, Cyber Defense Center, MDR, or similar environment (L1–L3) preferred
  • Strong understanding of attack techniques, alerting, and MITRE ATT&CK framework
  • Hands-on experience with SIEM platforms such as LogScale, Splunk, Microsoft Sentinel, or Elastic
  • Familiarity with EDR tools (preferably CrowdStrike Falcon)
  • Exposure to SOAR platforms (e.g., XSOAR) and interest in automation
  • Basic scripting experience (Python, PowerShell, or similar) preferred
  • Strong analytical, troubleshooting, and evidence-based decision-making skills
  • Effective written and verbal communication, including incident documentation and handoffs

Nice To Haves

  • SOC Analyst (Tier 1–3)
  • MDR Analyst
  • Incident Response Analyst
  • Threat Detection Analyst
  • Detection Engineer (with SOC experience)
  • Security Operations Engineer
  • Security Content Developer (with SOC exposure)

Responsibilities

  • Monitor and triage alerts across platforms including LogScale, CrowdStrike Falcon, XSOAR, Microsoft, and Okta
  • Perform initial investigation and validation of security events to determine severity and scope
  • Escalate incidents with clear documentation, supporting evidence, and recommended actions
  • Conduct in-depth investigations into suspicious endpoint, identity, network, and cloud activity (L2/L3)
  • Support incident containment and remediation in coordination with Incident Response and Engineering teams
  • Provide feedback on alert quality, noise, and detection gaps based on operational experience
  • Assist in creating and refining detection rules and correlation logic using real-world cases and threat intelligence
  • Tune existing detections to reduce false positives and improve SOC efficiency
  • Validate detection effectiveness against known attacker behaviors and MITRE ATT&CK techniques
  • Design and refine investigative workflows to guide analysts from triage through resolution
  • Develop and maintain runbooks, playbooks, and procedural guides for common alert types
  • Identify missing context or data needed to accelerate investigations (e.g., enrichment, logging, asset data)
  • Recommend and implement improvements that reduce analyst effort and decision time
  • Utilize and enhance XSOAR playbooks and automation workflows within daily SOC operations
  • Identify repetitive tasks suitable for automation and partner with engineering teams to implement solutions
  • Test, validate, and optimize automated actions to ensure they support investigations effectively
  • Contribute to continuous improvement initiatives focused on SOC scalability, speed, and consistency
  • Develop and execute queries in LogScale and other analytics platforms to support investigations and threat hunting
  • Analyze telemetry across endpoint, identity, cloud, email, and network sources to identify suspicious activity
  • Identify trends, recurring issues, and visibility gaps
  • Support development of dashboards and reporting for SOC performance and incident trends
  • Partner with AC3 analysts to identify operational challenges and propose improvements
  • Work with Threat Intelligence and PTO teams to operationalize intelligence into detections and playbooks
  • Collaborate with Security Engineering to enhance logging, telemetry, and data availability
  • Contribute to post-incident reviews and continuously update runbooks and detections

Benefits

  • a 401(k) savings plan with employer contributions
  • an employee stock purchase plan
  • consideration for long-term incentive awards at Aon’s discretion
  • medical, dental and vision insurance
  • paid time off at the discretion of the employee and management in accordance with company policy and practices
  • various other types of leaves of absence
  • paid sick leave as provided under state and local paid sick leave laws
  • short-term disability and optional long-term disability
  • health savings account
  • health care and dependent care reimbursement accounts
  • employee and dependent life insurance and supplemental life and AD&D insurance
  • optional personal insurance policies
  • adoption assistance
  • tuition assistance
  • commuter benefits
  • an employee assistance program that includes free counseling sessions