IS Analyst - IT Security Operations

About The Position

Requirements

• Educational background in Cybersecurity, Computer Science, Information Technology, Engineering, or a related discipline, preferably with cybersecurity-focused coursework, specialization or practical security exposure.
• 4-7 years of hands-on experience in SOC, security operations, incident response, threat detection, security monitoring, or related cybersecurity operations roles.
• Strong hands-on experience with SIEM and EDR/XDR platforms, including alert investigation, log analysis, case handling, incident scoping, and evidence collection.
• Strong understanding of security operations concepts, including alert triage, incident response, threat detection, attack techniques, networking fundamentals, operating systems, identity security, cloud security, and core security principles.
• Ability to analyze logs, alerts, telemetry, user activity, system events, and investigation evidence to identify patterns, anomalies, root cause, and potential security impact.
• Experience improving detection rules, correlation logic, alert quality, use cases, monitoring coverage, and false positive reduction.
• Practical knowledge of MITRE ATT&CK, threat intelligence, indicators of compromise, attacker behavior, and common threat hunting approaches.
• Familiarity with common security frameworks and control references such as NIST, CIS, and related industry practices.
• Exposure to cloud environments, identity and access technologies, email security, network security, endpoint security, threat intelligence, ticketing systems, or security analytics platforms.
• Strong attention to detail, structured thinking, ownership, curiosity, and ability to manage multiple concurrent incidents in a 24x7 operating environment.
• Effective written and verbal communication skills with the ability to document findings clearly, explain technical observations, and collaborate with stakeholders and leadership.

Nice To Haves

• Basic scripting or automation exposure using Python, PowerShell, APIs, JSON, REST, or similar technologies is a plus, especially for investigation support and operational efficiency.

Responsibilities

• Lead SOC investigations, incident response, containment, and remediation while improving detection coverage, response effectiveness, threat hunting outcomes, and SOC operational maturity.
• Monitor, analyze, triage, and investigate security alerts, events, and medium to high severity incidents using established SOC processes, playbooks, and escalation paths.
• Perform detailed investigation of suspicious activity across endpoints, network, identity, email, cloud, applications, and other enterprise security technologies.
• Validate alerts, determine scope and impact, identify affected users, systems, accounts, and data, and distinguish true positives from false positives.
• Lead and support incident response activities across the incident lifecycle, including detection, analysis, containment coordination, remediation tracking, recovery support, and closure documentation.
• Perform root cause analysis for security incidents and document evidence, timeline, impact, actions taken, remediation recommendations, and lessons learned.
• Conduct threat hunting using threat intelligence, indicators of compromise, behavioral patterns, attack techniques, and frameworks such as MITRE ATT&CK.
• Review, tune, and improve SIEM, EDR, XDR, and related detection rules, correlation logic, alert thresholds, and monitoring use cases to improve detection accuracy and reduce false positives.
• Identify gaps in logging, monitoring, alerting, detection coverage, escalation, and response processes, and recommend practical improvements.
• Prepare clear incident reports, investigation summaries, escalation notes, and stakeholder communications for technical and non-technical audiences.
• Collaborate with security engineering, infrastructure, application, cloud, identity, and business teams to support investigation, containment, remediation, and control improvement.
• Track remediation actions with responsible teams and ensure incident-related risks, findings, and corrective actions are addressed in a timely manner.
• Maintain and improve SOC playbooks, runbooks, standard operating procedures, knowledge articles, investigation guides, and response documentation.
• Ensure alerts, incidents, investigation steps, evidence, decisions, and closure notes are accurately documented in ticketing or case management systems.
• Support analysts through investigation guidance, knowledge sharing, and review of incident handling quality.
• Participate in post-incident reviews and identify improvements to detection coverage, response processes, threat hunting, and operational maturity.

Benefits

• Annual discretionary bonus
• 401(k) plan with a generous match
• Recognition rewards
• Competitive healthcare options
• Insurance
• Disability benefits
• Employee stock investment program
• Learning resources
• Career development programs
• Reimbursement for certain education expenses
• Paid time off (vacation / holidays / sick / leave / parental & caregiving leave / bereavement / volunteering / floating holidays)
• Wellbeing program
• Three weeks of PTO in your first year
• Competitive medical, dental, and vision insurance
• 85% company match on pre-tax and/or Roth contributions, up to IRS limits
• Employee Stock Investment Plan (ESIP) with discounted share purchase opportunities
• Learning Education Assistance Program (LEAP)
• Opportunity to purchase company funds with no sales charge