Security Operations Analyst (mid level)

About The Position

Requirements

• 3+ years of hands-on experience in a Security Operations, detection engineering, or incident response role
• Demonstrated experience triaging and investigating alerts across at least two of the following: endpoint, cloud, identity, network, or SaaS environments
• Hands-on proficiency with enterprise SIEM platforms and their query languages; ability to write and iterate on detection logic from scratch
• Experience with EDR tooling in an operational context; ability to hunt, triage, and respond using endpoint telemetry
• Solid understanding of attacker TTPs mapped to MITRE ATT&CK, and the ability to apply that knowledge during active investigations
• Experience writing or iterating on detection logic, response playbooks, or SOC operational documentation
• Scripting proficiency in Python, PowerShell, or Bash for alert enrichment, automation, or triage support
• Strong understanding of network fundamentals: TCP/IP, DNS, HTTP/S, firewall and proxy logs, and lateral movement patterns
• Clear and structured written and verbal communication — you can brief a non-technical stakeholder and write a thorough incident report
• Ownership mindset: you follow incidents through to closure and flag what needs to be fixed, not just what needs to be documented
• Security Clearance eligible

Nice To Haves

• Experience with XDR platforms and cross-domain correlated detection across endpoint, identity, and cloud
• Familiarity with cloud-native security operations and log sources in AWS or Azure environments
• Experience with SOAR platforms or building response automation workflows
• Exposure to supply chain and CI/CD pipeline security monitoring
• Familiarity with data lake-based or pipeline-driven detection architectures
• Experience operating in or supporting classified, GovCloud, or FedRAMP environments
• Background in defense, aerospace, robotics, or other high-assurance operational environments
• Familiarity with compliance frameworks such as NIST SP 800-171, NIST SP 800-53, or CMMC
• Relevant certifications: GIAC GCIH, GCIA, GCFE, BTL1/2, CySA+, OSCP, or equivalent
• Active security clearance or prior clearance history is a strong differentiator

Responsibilities

• Monitor and triage security alerts across endpoint, cloud, identity, network, and SaaS telemetry using enterprise SIEM and XDR platforms
• Perform in-depth alert investigation and root cause analysis, documenting findings with clear, structured timelines and impact assessments
• Tune detections to reduce false positive noise and improve signal fidelity; contribute to detection-as-code pipelines using structured query languages
• Operate across multiple detection and visibility platforms as part of a maturing, layered security monitoring ecosystem
• Lead initial incident response for mid-tier events: contain, eradicate, and recover across endpoint, cloud, and identity domains
• Participate in the on-call incident rotation and effectively communicate status and findings to the SecOps Lead and relevant stakeholders
• Conduct post-incident reviews, identifying gaps in detection, response, and containment and translating them into actionable improvements
• Coordinate with Security Engineering and IT during active incidents to accelerate response and reduce dwell time
• Support the SecOps Lead in developing and refining response playbooks, runbooks, and analyst workflow documentation
• Conduct targeted threat hunting operations to identify attacker activity not surfaced by automated detections
• Contribute to SecOps metrics tracking, reporting, and operational readiness reviews
• Help onboard and mentor junior analysts as the team grows, serving as a technical resource and process guide

Benefits

• Medical Insurance: Comprehensive health insurance plans covering a range of services
• Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
• Time Off: Generous PTO and Holidays
• Parental Leave: Paid maternity and paternity leave to support new parents
• Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
• Retirement Plan: 401(k) plan with company match
• Stock Options: Equity options to give employees a stake in the company’s success
• Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
• Pet Insurance: Discounted pet insurance options including 24/7 Telehealth helpline
• Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office