Senior SOC Analyst

Coretelligent

3d•Remote

About The Position

At Coretelligent, we take ownership of the technology and security environments our clients rely on every day. Our Security Operations team plays a critical role in protecting client infrastructure across highly regulated industries where reliability, visibility, and rapid response are essential. As a Senior SOC Analyst, you will serve as a senior technical resource within the Security Operations Center, responsible for advanced threat detection, investigation, and incident response across multiple client environments. This role acts as an escalation point for complex investigations while also helping improve the maturity, efficiency, and quality of our SOC operations. You will combine hands-on analytical work with mentorship and operational improvement efforts. This includes conducting deep investigations, leading incident response efforts, refining detection capabilities, and ensuring consistent investigative standards across the team. The ideal candidate demonstrates strong technical judgment, calm decision-making during security events, and the ability to communicate clearly with both technical teams and client stakeholders.

Requirements

5+ years of experience in security operations, threat detection, digital forensics, incident response, or related cybersecurity roles.
Demonstrated experience conducting advanced security investigations within SOC or incident response environments.
Strong familiarity with security operations technologies including SIEM platforms, EDR/XDR tools, IDS/IPS, firewall telemetry, and cloud logging solutions.
Deep understanding of attacker methodologies and security frameworks such as MITRE ATT&CK, cyber kill chain, and NIST incident response lifecycle.
Proficiency in log analysis, detection tuning, event correlation, and end-to-end investigation workflows.
Experience coordinating response activities across multiple stakeholders during active security incidents.
Strong written and verbal communication skills, including the ability to translate complex technical findings into clear client-facing summaries.
Relevant cybersecurity certifications such as GCIA, GCIH, GCFA, GNFA, CySA+, AZ-500, or equivalent experience.

Responsibilities

Serve as a senior escalation point for SOC analysts, providing guidance on alert triage, investigation methodology, containment strategies, and incident classification.
Lead complex investigations across multiple telemetry sources including SIEM, EDR/XDR, firewall, cloud, and network logs to identify attacker behavior and root causes.
Conduct hands-on incident response activities including containment coordination, eradication guidance, recovery recommendations, and post-incident reporting.
Perform proactive threat hunting across client environments to identify suspicious behaviors, emerging threats, and attacker techniques that may evade automated detection.
Tune and optimize detection logic across SIEM platforms, EDR tooling, correlation rules, and automated workflows to improve signal quality and reduce false positives.
Contribute to SOC operational maturity through automation, SOAR workflows, and investigation efficiency improvements.
Mentor and support SOC analysts through knowledge sharing, investigation guidance, and quality review of alert handling and incident documentation.
Maintain high investigative standards through clear documentation, consistent investigation processes, and strong communication during security events.
Develop and maintain incident response runbooks, threat hunting procedures, and operational playbooks to support continuous improvement of SOC operations.
Participate in client communications during security investigations, incident briefings, and follow-up reviews while maintaining a professional and confident presence.
Stay current on evolving attacker tactics, vulnerabilities, and threat intelligence trends to continuously improve detection and response capabilities.