Security Operations Analyst

About The Position

Requirements

• 2+ years experience in a Network Operations Center (NOC), Security Operations Center (SOC), Digital Forensics and Incident Response (DFIR) capacity, or Tier 2/3 IT Administrative Support role with a focus on transitioning completely into Security
• Hands-on experience with SIEM / EDR platforms and ticketing workflows
• Proven ability to strictly follow detailed procedures and runbooks with precision and provide feedback and constructive criticism of processes that can be improved upon with the wider team
• Strong analytical and pattern-recognition skills with comfort reviewing large volumes of logs and alerts with minimal assistance
• Working knowledge of security fundamentals: network protocols, common attack techniques, authentication/authorization, and cloud IAM basics
• A strong desire to learn and grow in a technical field with specific tools and processes
• Basic knowledge of several different OS types and corporate environment architecture and network structures

Nice To Haves

• Knowledge of cloud-native environments (AWS, GCP, Azure) and modern production systems.
• Experience with CI/CD pipelines, containerized environments, or cloud identity controls.
• Exercises or experience in Purple-team oriented functions at a basic level, understanding commands at an Operating System level and how they are both identified and perceived by systems and responders
• Conduct basic Threat Intel behaviors such as researching industry standard practices and trending threats
• Basic to intermediate understanding of programming logic of common practical languages and how they can relate to Security Incidents
• Demonstrated consistency in high-discipline and process-driven roles with a focus on keeping the operations running.
• Stays up to date with technical education and emerging threats, detection methods, security concepts, conferences, and has a general understanding and desire to learn more and grow
• Security-focused and Cloud Operations certificates appreciated but not required – there is strong encouragement to learn what you can on your own and then bring that knowledge back to the team
• Familiarity with cloud-native tooling and their function for personal use, small business and large enterprise
• Home-lab environments for testing different competencies listed above

Responsibilities

• Alert Triage & Queue Management: Perform initial investigation, data enrichment, and escalation of alerts and tickets generated by the SIEM, SOAR, EDR, IDS, and other monitoring tools.
• Case Escalation: Identify alerts and situations requiring escalation to the Security on-call
• Incident Coordination: Maintain accurate and timely incident records in Security Incident record keeping software. The tasks include identifying ownership, timeline tracking, status updates, and ensuring retrospective remediation tasks are captured in individual Ticketing platforms
• Coordinate communication for containment and remediation steps with relevant teams (engineering, security, support, etc.).
• Conduct detection validation, verifying false positives and adding research for alerts to tickets before escalation to senior security engineers.
• Case Documentation: Ensure investigation notes, follow-ups, retrospective analysis, and action items are consistently documented, logged, and tracked to completion.
• Perform unsupervised investigation for lower-severity incidents or exploratory cases to determine significance.
• Stay up-to-date with trending cybersecurity topics and their application to the enterprise
• Follow an escalation protocol based around certain mapped criteria for the entirety of the Security Engineering team and assist as necessary with providing evidence for any changes that are required
• Understand the differences between detections, threat hunting, threat intelligence as well as their individual roles in a security program
• Act as a bridge between Security Operations and Engineering by helping translate threat research into clear, actionable deliverables with guidance from senior team members
• Provide concise and constant feedback on detections and their importance to the program, as well as identify areas of improvement for the Operational portion of workload
• Perform Vulnerability Management triage, including enrichment of findings, prioritization guidance, and escalation of actionable issues.
• Investigate and validate vulnerabilities, leaked secrets, and suspicious activity surfaced through scanning tools.
• Support Security Risk Register entries, including evidence collection, submission tracking, and recurring validation.
• Maintain security tooling hygiene by performing test scans, verifying dashboard integrity, confirming detection visibility, and ensuring findings properly flow to downstream systems with minimal guidance
• Assess potential issues in system operational health and provide quick writeups on the actions that were observed and their outcome to assist the Security Engineering team in quickly and efficiently identifying Incident worthy events
• Act as an Operational stakeholder and maintain accountability for day-to-day security operations by identifying outages, missing information, incorrect detections and low-level system health events
• Coordinate external penetration testing engagements, including scheduling, data gathering, issue tracking, and ensuring remediation tasks are properly logged and followed through with validation.
• Maintain a high degree of professionalism when dealing with all External communication and technical testing, whether that is in conjunction with internal Iterable teams or External teams that require assistance per our Service Level Agreements

Benefits

• Competitive salaries, meaningful equity, & 401(k) plan
• Medical, dental, vision, & life insurance
• Balance Days (additional paid holidays)
• Fertility & Adoption Assistance
• Paid Sabbatical
• Flexible PTO
• Monthly Employee Wellness allowance
• Monthly Professional Development allowance
• Pre-tax commuter benefits
• Complete laptop workstation