Security Operations Analyst, Senior

About The Position

Requirements

• 5-7 years of experience in security operations or related disciplines, with demonstrated expertise in security analysis and incident response.
• Working knowledge of security controls including access control, authentication, encryption, system integrity, and logging as applied to security monitoring and detection.
• Experience with security operations including monitoring, incident response, and incident management procedures, with the ability to investigate, escalate, and respond to security events.
• Ability to develop, modify, and maintain threat detection rules within SIEM platforms, including tuning alerts and improving detection fidelity.
• Understanding of security telemetry, including log collection and ingestion (e.g., syslog, Windows Event Forwarding, ELK), normalization, and data quality considerations to support effective detection and visibility.
• Strong knowledge of operating systems (Windows, Linux, macOS), identity systems (e.g., Active Directory), and network fundamentals (TCP/IP, DNS) as they relate to security monitoring and investigation.
• Experience with endpoint, network, and host-based security tools including EDR, IDS/IPS, firewalls, vulnerability scanners, and host-based detection/prevention systems.
• Ability to analyze and correlate data across multiple security and telemetry sources to identify patterns, anomalies, vulnerabilities, and potential security threats.
• Experience applying security frameworks such as MITRE ATT&CK to map adversary behaviors and support detection and response development.
• Experience with malware analysis, network forensics, and digital forensics concepts and tools; reverse engineering skills are a plus.
• Ability to assess security threats and implement timely mitigations under pressure.
• Experience using scripting languages such as Python, PowerShell, or equivalent to support automation, analysis, and response activities.
• Strong collaboration and communication skills with the ability to build effective relationships across technical and non-technical teams.
• Experience with security platforms and tools including SIEM, SOAR, EDR, vulnerability management, and threat intelligence tools (e.g., Google SecOps/Chronicle, Microsoft Defender for Endpoint, SentinelOne Singularity, Tanium Threat Response, Recorded Future).
• Experience developing or working with automated response workflows and playbooks (SOAR).
• Advanced professional role requiring strong technical proficiency in security operations, detection, and incident response.
• Works independently with minimal supervision on complex investigations, exercising sound judgment to resolve issues, identify risks, and escalate appropriately.
• Serves as a senior technical resource for the team, providing guidance, mentorship, and cross-training to junior analysts while promoting consistent standards for analysis, detection, and response.
• Contributes to the development and continuous improvement of detection logic, alert tuning, and response playbooks.
• Effectively communicates with both technical and non-technical stakeholders and collaborates with peers on complex issues to enhance team capability.
• May assist in coordinating and tracking tasks for junior team members.

Nice To Haves

• A degree in Cybersecurity, Information Technology, Computer Science, or related field is desirable.
• Industry-recognized certifications are a plus and may include: CompTIA Security+ or CySA+, Microsoft SC-200, GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Cyber Threat Intelligence (GCTI), GIAC Security Operations Certified (GSOC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and relevant cloud or security vendor certifications (e.g., SIEM, SOAR, endpoint, or cloud security platforms).
• Experience with cloud security monitoring and native security services across AWS, Azure, Google Cloud, or OCI is a plus.
• Familiarity with security-focused frameworks, methodologies, and best practices for detection, response, and vulnerability management is a plus.
• Ability to analyze and apply threat intelligence to support detection, investigation, and response activities.

Responsibilities

• Develop and deliver security reports and metrics to support operational awareness and leadership decision-making.
• Identify and support mitigation of information security risks, including evaluating projects and initiatives for alignment with security requirements, policies, and standards.
• Support internal and external audits by collecting and analyzing evidence, assessing control effectiveness, and ensuring adherence to established security frameworks and policies.
• Track and manage remediation activities, including corrective action plans and audit findings, ensuring timely resolution of identified security issues.
• Identify, investigate, and respond to security incidents, including analyzing root cause and impact to contain threats and reduce organizational risk.
• Maintain and support security tools, controls, and monitoring capabilities to ensure effective detection and response.
• Develop, implement, and continuously improve threat-informed detections and automated response playbooks, including use case development, rule creation, tuning, validation, and optimization through incident feedback and testing.
• Monitor systems and security telemetry for violations, vulnerabilities, and anomalous activity.
• Analyze and apply threat intelligence to enhance detection, response, and situational awareness.
• Identify and support onboarding and validation of security telemetry to ensure effective detection and visibility.
• Collaborate with cross-functional teams to support incident response, remediation, and security improvements.
• Assist in the evaluation and selection of security technologies and solutions to support detection, monitoring, and response capabilities.