SOC Analyst (CAN)

About The Position

Requirements

• One or more years in an IT security role or IT support role with significant security responsibilities.
• Working knowledge of core security concepts: TCP/IP, common protocols, Windows and Linux fundamentals, Active Directory / Entra ID, cloud (Azure / AWS / GCP) basics, and common attacker techniques.
• Familiarity with at least one SIEM and one EDR/XDR platform; comfortable writing or modifying basic queries (KQL, SPL, or similar).
• Demonstrated ability in effective communication and collaborating in a diverse high-performance team environment, with a strong commitment to customer service.
• Individuals will be required to submit to a background examination.
• Candidates must be legally authorized to work in the country where they reside.

Responsibilities

• Continuously monitor and triage alerts and detections across SIEM, EDR/XDR, identity, email, network, and cloud telemetry for our managed client base, applying severity classification and initial enrichment on every event you touch.
• Investigate suspicious activity end-to-end — from validation and pivoting through to root-cause analysis — using knowledge of attacker tradecraft, the MITRE ATT&CK framework, and the cyber kill chain to reach confident, well-supported conclusions.
• Execute documented response playbooks to contain threats, including isolating hosts, disabling compromised accounts, blocking indicators, resetting credentials, and coordinating handoffs with client and engineering teams.
• Partner with Detection Engineering to reduce noise and false positives, and to propose, test, and deploy new analytics, automations, and SOAR playbooks that make the SOC faster and more accurate.
• Maintain audit-grade documentation throughout every case, capturing notes, timelines, and customer-facing communications cleanly in the ticketing and case-management system.
• Consistently meet triage, investigation, and notification SLAs while sustaining high accuracy, low false-positive rates, and strong client satisfaction across the portfolio.
• Drive continuous improvement of the SOC by feeding lessons learned back into detections, playbooks, runbooks, and knowledge-base articles in partnership with SOC Leadership and Detection Engineering.
• Operate on an assigned shift (Day, Swing, or Night) within a 24x7 rotation — including weekends and holidays as scheduled — and respond to on-call escalations when required.