Security Operations Lead Security Analyst

Continental General, Austin, TX
Posted 7 days ago | $120,000 - $135,000 | Hybrid

About The Position

SECURITY OPERATIONS LEAD SECURITY ANALYST (Full Time, Salary, Exempt)

Looking to join a growing company dedicated to helping others? We offer that, plus competitive salaries, a culture of learning, and a fast-paced environment. This is a hybrid position with 3 days in-office. Join our team to help make a difference in the lives of others!

About Continental General:

The Continental General family of companies has provided insurance, including life and long-term care policies, to individuals and groups for over 30 years, and currently supports over 200,000 policyholders. Both our insurance company, Continental General Insurance Company, and our third-party administrator, Continental General Services, are committed to the continuous development of our infrastructure, processes, and people. The group is actively growing through expansion of both its insurance portfolio and its administrative services. With each opportunity, we take a collaborative approach to address challenges and provide unique solutions.

Position Summary:

The Lead Security Analyst serves as the senior technical escalation point within the Security Operations Center and plays a central role in advancing detection, response, and automation capabilities. In this role, you will lead complex investigations, serve as the primary escalation path to Security Engineering, and drive the continuous evolution of SOC playbooks, processes, and strategic initiatives. You will leverage AI-driven automation and SOAR orchestration to reduce response times, standardize actions, and increase operational efficiency across the SOC. The Lead Security Analyst partners closely with cloud, identity, data, and application security teams to expand observability coverage, enrich telemetry, and improve detection fidelity across distributed environments.

This position develops and maintains security operations metrics, reporting, and executive insights that demonstrate operational health, detection coverage, and continuous improvement of the security posture. As a senior individual contributor, you will influence platform direction and collaborate across security disciplines to ensure alignment between day-to-day operations and long-term security strategy.

Requirements

  • 5+ years of hands-on experience in cybersecurity operations, including incident response, threat hunting, or detection engineering within a modern SOC environment.
  • Demonstrated expertise with enterprise SIEM platforms (Splunk preferred), including development and tuning of custom detections, correlation logic, and alerting use cases.
  • Experience analyzing and responding to events across endpoint, cloud, identity, email, and network telemetry sources.
  • Hands-on experience with AWS security services (GuardDuty, Security Hub, Inspector, Macie) and practical knowledge of cloud threat models across multi-account environments.
  • Strong working knowledge of adversary TTPs (MITRE ATT&CK), with the ability to map incidents and detections to relevant techniques.
  • Proficiency with scripting or automation languages (Python, PowerShell, or Bash) for investigation, enrichment, or workflow automation.
  • Working knowledge of SOAR platforms and experience building or maintaining automated playbooks and enrichment workflows.
  • Practical understanding of application and API security fundamentals, including OWASP Top 10 and common API attack vectors, with ability to support remediation guidance.
  • Ability to communicate complex technical findings to both technical and non-technical stakeholders through clear written reporting.

Nice To Haves

  • Hands-on familiarity with web application and API security testing tools (Burp Suite, the Kali Linux toolset, or similar intercept-proxy techniques).
  • Experience performing manual validation of web application vulnerabilities and API security misconfigurations (authentication flows, tokens, access control).
  • Experience with CSPM platforms (Wiz preferred) and applying remediation guidance across multi-account AWS environments.
  • AI-assisted enrichment, correlation, or decision-support integration in SOC workflows.
  • Demonstrated engagement with cybersecurity skills development through CTF platforms such as HackTheBox, TryHackMe, or similar environments.
  • Understanding of secure coding principles, common application-layer weaknesses, and modern cloud-native architectures.
  • Relevant certifications: GIAC (GCIH, GCFA, GDAT), CompTIA CySA+, or equivalent.

Responsibilities

Incident Response Leadership

  • Act as incident leader for major security events, coordinating response across SOC, IT, cloud, DevOps, and business stakeholders in alignment with established IR frameworks.
  • Drive containment, eradication, and recovery decisions based on business impact, adversary behavior, and risk to critical systems and data.
  • Provide real-time tactical and technical direction to analysts during escalations, ensuring consistent execution of IR playbooks and runbooks.
  • Coordinate stakeholder communications and ensure all incidents are documented with clear timelines, evidence, and root-cause analysis.
  • Lead post-incident reviews and translate lessons learned into new detections, controls, and process improvements.

Detection Engineering & Threat Hunting

  • Partner with detection engineering and platform owners to design and maintain high-value detections mapped to adversarial TTPs and prioritized by business risk.
  • Lead proactive threat hunts across cloud, endpoint, identity, email, and SaaS environments using hypothesis-driven methodologies and threat intelligence.
  • Identify detection and telemetry gaps, proposing new logging requirements, enrichment pipelines, and control changes to expand coverage.
  • Evaluate and tune detections using data-driven methods to maximize fidelity and reduce noise.
  • Contribute to standards for naming, documentation, QA, and lifecycle management of detection content.

Automation, AI & SOAR

  • Own and mature automation strategies for repetitive investigations and containment workflows using SOAR and scripting.
  • Design, build, and maintain SOAR playbooks and automation scripts (Python, PowerShell, Bash) to orchestrate enrichment, decisioning, and response actions across tools.
  • Identify high-value automation opportunities by analyzing incident patterns and response bottlenecks; measure improvements through MTTR and analyst hours saved.
  • Collaborate with Security Engineering to safely incorporate AI-assisted enrichment, correlation, and decisioning into SOC workflows with appropriate oversight.

Cloud, Data & Application Security

  • Support cloud detection and response through AWS-native services (Security Hub, GuardDuty, Inspector, Macie) and CSPM platforms such as Wiz, prioritizing misconfigurations and threats across multi-account environments.
  • Partner with DLP/DSPM owners (Cyera, Netskope, and similar platforms) to monitor sensitive data movement, identify potential exfiltration, and drive remediation aligned to regulatory requirements.
  • Collaborate with application and API owners during investigations to interpret SAST/DAST and API security findings, validate OWASP Top 10 exposure, and support remediation guidance.
  • Work with Security Engineering and DevOps to expand observability coverage and ensure security-relevant events are available for detection and forensic analysis.

Forensics & Analysis

  • Lead host, cloud, and SaaS forensics during complex incidents, ensuring proper evidence acquisition, preservation, and chain-of-custody.
  • Correlate logs and artifacts across SIEM, EDR, SASE, identity, cloud, and application telemetry to determine attack path, root cause, and blast radius.
  • Produce clear analytic narratives that connect technical findings to business impact and actionable remediation steps.
  • Recommend containment, eradication, and hardening actions; feed recurring patterns back into detection and prevention controls.

Process, Metrics & Continuous Improvement

  • Own and refine SOC playbooks, runbooks, and IR workflows to stay current with tooling, architecture changes, and lessons learned.
  • Lead structured post-incident reviews and ensure follow-up actions are tracked through completion.
  • Define and maintain SOC metrics and reporting (MTTD, MTTR, alert trends, dwell time, ATT&CK coverage) that demonstrate operational health and effectiveness.
  • Recommend new tools, integrations, logging sources, and process changes based on IR trends, threat landscape shifts, and detection gaps.
  • Collaborate with cloud, appsec, identity, and GRC teams to align SOC operations with broader security strategy and expand observability across critical platforms.
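The metrics named under "Process, Metrics & Continuous Improvement" (MTTD, MTTR, dwell time, ATT&CK coverage) and the detection-gap work under "Detection Engineering & Threat Hunting" are only useful when their definitions are fixed and computed the same way every reporting period. The script below is an added illustration, not Continental General's tooling, of computing them from incident records. The incident data, the detection catalog, the tracked technique list and the four timestamp-based definitions are all constructed assumptions; SOCs define MTTD and dwell time differently, so whatever definition you adopt should be stated alongside the numbers.

```python
"""SOC metrics from incident records (added example, not the employer's tooling).

Assumed definitions (these vary between SOCs, so state them in every report):
  dwell time : first adversary activity -> first alert         (per incident; report the median, it is heavy-tailed)
  MTTD       : first alert -> analyst acknowledgement          (mean, measures triage latency)
  MTTR       : analyst acknowledgement -> incident resolved    (mean)
  coverage   : share of tracked ATT&CK technique IDs with at least one production detection
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, median


@dataclass(frozen=True)
class Incident:
    incident_id: str
    first_activity: datetime      # earliest adversary action established by forensics
    alert_raised: datetime        # first SIEM/EDR alert tied to the activity
    acknowledged: datetime        # analyst picked the alert up
    resolved: datetime            # containment and eradication complete
    techniques: tuple[str, ...]   # ATT&CK technique IDs mapped during the investigation

    def __post_init__(self):
        # A record whose timeline runs backwards would silently distort every mean, so reject it.
        if not (self.first_activity <= self.alert_raised <= self.acknowledged <= self.resolved):
            raise ValueError(f"{self.incident_id}: timestamps are not in chronological order")


def _hours(later: datetime, earlier: datetime) -> float:
    return (later - earlier).total_seconds() / 3600


def dwell_times(incidents) -> dict[str, float]:
    """Hours from first adversary activity to first alert, per incident."""
    return {i.incident_id: _hours(i.alert_raised, i.first_activity) for i in incidents}


def mttd(incidents) -> float:
    """Mean hours from alert to analyst acknowledgement."""
    return mean(_hours(i.acknowledged, i.alert_raised) for i in incidents)


def mttr(incidents) -> float:
    """Mean hours from acknowledgement to resolution."""
    return mean(_hours(i.resolved, i.acknowledged) for i in incidents)


def attack_coverage(tracked, catalog) -> tuple[float, list[str]]:
    """Fraction of tracked techniques that have at least one detection, plus the covered IDs."""
    covered = sorted(t for t in tracked if catalog.get(t))
    return len(covered) / len(tracked), covered


def observed_gaps(incidents, catalog) -> list[str]:
    """Techniques seen in real incidents that still have no detection content: the gaps to close first."""
    seen = {t for i in incidents for t in i.techniques}
    return sorted(t for t in seen if not catalog.get(t))


# ---- constructed sample data (hypothetical incidents, not real ones) ----
INCIDENTS = (
    Incident("INC-001", datetime(2024, 3, 1, 8, 0), datetime(2024, 3, 2, 8, 0),
             datetime(2024, 3, 2, 8, 30), datetime(2024, 3, 2, 14, 30), ("T1078", "T1021.001")),
    Incident("INC-002", datetime(2024, 3, 5, 10, 0), datetime(2024, 3, 5, 10, 15),
             datetime(2024, 3, 5, 10, 30), datetime(2024, 3, 5, 12, 30), ("T1566.001", "T1204.002")),
    Incident("INC-003", datetime(2024, 3, 10, 0, 0), datetime(2024, 3, 13, 0, 0),
             datetime(2024, 3, 13, 1, 0), datetime(2024, 3, 14, 1, 0), ("T1110.003", "T1078")),
)

# Technique ID -> names of production detections (hypothetical catalog).
DETECTION_CATALOG = {
    "T1078": ["Valid Accounts: impossible-travel sign-in"],
    "T1566.001": ["Spearphishing Attachment: macro document delivered by mail"],
    "T1021.001": ["Remote Services: RDP to a host outside the normal peer set"],
    "T1059.001": [],  # content exists but is disabled, so it counts as uncovered
}

# The techniques the SOC has chosen to track for coverage reporting (hypothetical list).
TRACKED_TECHNIQUES = ("T1078", "T1566.001", "T1204.002", "T1021.001", "T1110.003", "T1059.001")


def report(incidents=INCIDENTS, catalog=DETECTION_CATALOG, tracked=TRACKED_TECHNIQUES) -> dict:
    coverage, covered = attack_coverage(tracked, catalog)
    dwell = dwell_times(incidents)
    return {
        "incidents": len(incidents),
        "median_dwell_hours": median(dwell.values()),
        "max_dwell_hours": max(dwell.values()),
        "mttd_hours": round(mttd(incidents), 2),
        "mttr_hours": round(mttr(incidents), 2),
        "attack_coverage": round(coverage, 2),
        "covered_techniques": covered,
        "gaps_seen_in_incidents": observed_gaps(incidents, catalog),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:24} {value}")
```

The median dwell time is reported instead of the mean because one long-dwell intrusion (INC-003 above) would otherwise dominate the figure; `gaps_seen_in_incidents` is the list to hand to detection engineering, since those are techniques an adversary has already used against the environment without tripping an alert.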

Benefits

  • Competitive Salary & Target Bonus Program
  • Retirement Savings – 401(k) with a company match
  • Comprehensive Medical insurance through BlueCross BlueShield of Texas.
  • Company-paid dental, vision, short-term & long-term disability, and life insurance.
  • Work-Life Balance – This role offers 20+ days of PTO, 10 paid holidays, and paid volunteer time off.
  • Flexible Work Options & Perks – Hybrid opportunity, wellness programs, and weekly paid lunch for onsite staff.
  • Health Savings Accounts (HSA) & Flexible Spending Accounts (FSAs) – Includes a company match for HSAs.