Senior SOC Analyst

Sargent & Lundy, Chicago, IL (Hybrid)

About The Position

Sargent & Lundy is a leading consulting engineering firm specializing in the power and energy sectors. Since 1891, we have provided comprehensive engineering, design, and consulting services for both traditional and renewable power generation, grid modernization, nuclear power, and beyond. Our mission is to help clients achieve their energy goals effectively by leveraging advanced technologies and adopting sustainable practices.

Role Overview

The Senior Information Security Analyst - Security Operations acts as the technical and process subject matter expert on the Security Operations team. This is a "player-coach" role designed for a high-level individual contributor who possesses deep technical expertise in Security Events and Information Management (SIEM), Security Operations (SOC) Management, incident response, and Vulnerability Management, while also providing technical leadership and mentorship to junior analysts and interns. The successful candidate will bridge the gap between high-level strategy and hands-on execution, ensuring our outsourced SOC vendor delivers high-quality results. You will design, maintain, and interpret KPI/KRI dashboards that track SOC performance, vulnerability risk, incident trends, and control effectiveness, providing executive-ready reporting that drives accountability and informs leadership decisions.

Requirements

  • Education: Bachelor’s degree in computer science, information systems, or related field; or equivalent professional experience.
  • Professional Experience: 5+ years of experience in relevant areas within the Information Security domains.
  • Information Security Standards / Frameworks: Strong understanding of ISO 27001, SOC 2, NIST CSF and CMMC.
  • Tooling Expertise: Advanced proficiency with Qualys, SIEM platforms, DLP tools, CrowdStrike, Palo Alto Cortex XSIAM, Microsoft Defender, or similar tools, including an understanding of the technical details within security events.
  • Metrics, Data Analysis & Management Reporting: Strong focus on data analysis, dashboarding, KPIs/KRIs, and executive-ready reporting.
  • SIEM Knowledge: Deep understanding of SIEM logic and log analysis (e.g., Splunk, Sentinel, or other relevant experience).
  • Cloud Fluency: Experience managing security operations within cloud environments (Azure or AWS).
  • Networking: Strong understanding of TCP/IP, DNS, WAF, and ZTNA concepts.
  • Compassionate Candor: Provide candid, actionable feedback to enhance team performance and individual growth, including with external partners.
  • Seek to Understand: Embrace curiosity and continuous learning, digging into data and root causes to drive better decisions.
  • We Before Me: Collaborate effectively with IT, business partners, and vendors, engaging diverse perspectives to ensure collective success.
  • Do What You Say: Take ownership of commitments, deliver on key initiatives, and maintain high reliability during routine operations and major incidents.
  • Light Up Learning: Encourage experimentation, share lessons learned (including from incidents and near-misses), and foster a culture of continuous improvement.
  • Driven by Passion: Demonstrate genuine passion for information security, resilience, and protecting the organization, especially under pressure.
  • Driven by Passion: Connect personal passion to the mission, demonstrating resilience in the face of challenges while pursuing organizational goals.

Nice To Haves

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • GCIH (GIAC Certified Incident Handler)
  • Or any other relevant industry recognized certification

Responsibilities

  • Vulnerability & Threat Management Program
      ◦ Technical Lead: Manage the end-to-end vulnerability management lifecycle and direct the technical configurations and roadmap for the Qualys vulnerability scanning platform, ensuring comprehensive coverage across on-prem, cloud, and remote endpoints.
      ◦ Advanced Analysis and Stakeholder Coordination: Move beyond automated reporting to perform deep-dive analysis on complex vulnerabilities and coordinate with IT infrastructure and application owners for prioritization and creative remediation of vulnerabilities.
      ◦ Threat Intelligence Integration: Translate global threat intelligence into actionable Qualys scans and search queries to proactively identify "at-risk" assets.
  • SIEM/SOC Management & Coordination
      ◦ Vendor Technical Oversight: Act as the primary technical point of contact for the outsourced SOC provider (CrowdStrike, Cortex XSIAM platform). Hold the vendor accountable to defined Service Level Agreements (SLAs) and Key Performance Indicators (KPIs). Conduct weekly quality reviews of their "True Positive" alerts and provide feedback on their analysis.
      ◦ SIEM Governance: Maintain complete visibility into the SIEM architecture (Splunk, Cortex XSIAM platform). Ensure all critical log sources are properly ingested and parsed. You will own the log-onboarding process and validate that the SOC is receiving the telemetry it needs to be effective.
      ◦ Rule Tuning: Collaborate with the SOC vendor to fine-tune correlation rules and use cases to reduce "noise" (false positives) while ensuring high-fidelity detection of "true positives."
      ◦ Reporting: Design and review executive dashboards that provide visibility into the health of the security environment and SOC performance.
  • Incident Management & Response
      ◦ Lead Responder: Serve as the senior technical lead during active security incidents, guiding junior staff through containment and eradication steps.
      ◦ Incident Life Cycle Management: Drive technical investigation, containment, and eradication phases. Lead "Lessons Learned" sessions following major incidents to identify root causes and implement preventative controls.
      ◦ Playbook Development: Design and maintain technical incident response playbooks that the junior team can follow during initial triage.
      ◦ Forensic Coordination and Oversight: Manage forensic data collection and analysis, whether performed internally or through a third-party partner.
      ◦ Operational Readiness: Lead tabletop simulations for the internal team to build "muscle memory" for high-pressure scenarios.
  • Drive Data Analysis, Dashboards, and Executive Reporting
      ◦ Design, build, and maintain operational and executive dashboards (e.g., in SIEM tools, Power BI, or Excel) that track SOC performance (SLAs, MTTR, true/false positive rates), vulnerability posture (exposure, remediation timelines, risk trends), and incident patterns, root causes, and control effectiveness.
      ◦ Translate data into clear insights and narratives for leadership, highlighting risk, performance, and trends, and recommending actions to improve security posture.
      ◦ Automate metrics and reporting wherever possible to ensure repeatability, accuracy, and timely visibility.
  • Security Resiliency & Continuity
      ◦ Resilience Engineering: Evaluate current security controls to identify "single points of failure" and propose architectural changes to improve the organization's ability to withstand attacks.
      ◦ Business Continuity (BCP) and Disaster Recovery (DR) Support: Collaborate with business units to ensure security controls support the Business Impact Analysis (BIA) and recovery objectives. Partner with the Disaster Recovery team to ensure security tools are functional during recovery/failover scenarios.
  • Mentorship & Technical Leadership
      ◦ Team Development: Provide daily technical guidance to junior analysts and interns (a team of 2 to 5). Conduct reviews of their analysis and help them grow their technical skill sets.
      ◦ Knowledge Base: Maintain a high-quality internal Knowledge Base for security operations procedures.
      ◦ Process Optimization: Identify manual tasks performed by the team and lead automation efforts to improve efficiency.

Benefits

  • Health Plans: Medical, Dental, Vision
  • Life & Accident Insurance
  • Disability Coverage
  • Employee Assistance Program (EAP)
  • Back-Up Daycare
  • FSA & HSA
  • 401(k)
  • Pre-Tax Commuter Account
  • Merit Scholarship Program
  • Employee Discount Program
  • Corporate Charitable Giving Program
  • Tuition Assistance
  • First Professional Licensure Bonus
  • Employee Referral Bonus
  • Paid Annual Personal/Sick Time (PST)
  • Paid Vacation
  • Paid Holidays
  • Paid Parental Leave
  • Paid Bereavement Leave
  • Flexible Work Arrangements