SOC Analyst

RSM US LLP, Harrisburg, PA
$66,100 - $117,200

About The Position

As a SOC Analyst within RSM Defense, you play a key role in monitoring, investigating, and responding to security events across a diverse managed security services environment. You will analyze alerts, validate potential threats, support incident response activities, and help strengthen detection capabilities across endpoint, identity, cloud, and network telemetry. You’ll work closely with senior analysts, detection engineers, and response teams to ensure high‑quality service delivery and continuous improvement of SOC operations.

Requirements

  • Hands‑on experience with SIEM/EDR/XDR platforms and comfort analyzing logs and alerts.
  • Familiarity with the incident response lifecycle and basic root cause analysis.
  • Understanding of NIST 800‑171/172, CMMC, or similar compliance frameworks.

Nice To Haves

  • Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience).
  • 1–3+ years of experience in a SOC, security operations, incident response, or related role.
  • Certifications such as Security+, CySA+, GSEC, or similar.
  • Experience with Splunk, Elastic, Sentinel, or other search‑based platforms.
  • Knowledge of MITRE ATT&CK.
  • Exposure to scripting or automation tools is a plus.

Responsibilities

  • Conduct investigations across endpoint, network, cloud, and identity telemetry to validate alerts and identify malicious activity.
  • Perform initial and mid‑tier analysis, document findings, and escalate complex cases to senior analysts as needed.
  • Support incident response activities by gathering evidence, reconstructing timelines, and contributing to root cause analysis.
  • Assist in developing incident summaries and client‑ready documentation.
  • Identify false positives, tuning opportunities, and detection gaps during investigations.
  • Collaborate with Detection Engineering by providing feedback on rule performance and emerging patterns seen in telemetry.
  • Participate in validating new detections before they are deployed into production.
  • Use SOAR tools to execute automated enrichment, triage steps, and response actions.
  • Flag repetitive tasks or bottlenecks that may benefit from automation improvements.
  • Validate automated playbook behavior and ensure alignment with SOC escalation procedures.
  • Leverage AI copilots and enrichment tools to support triage, log interpretation, and case documentation.
  • Follow established prompt templates and quality‑check AI‑generated outputs for accuracy.
  • Provide feedback on AI performance and identify opportunities to improve SOC workflows.
  • Participate in hypothesis‑driven and intelligence‑led hunts by reviewing artifacts, anomalies, and suspicious activity.
  • Recommend potential hunt ideas based on recurring alert patterns or telemetry observations.
  • Help ensure hunt findings translate into improved detections or instrumentation.
  • Maintain clear, accurate case notes and technical documentation.
  • Contribute to SOC runbooks, knowledge articles, and internal process improvements.
  • Collaborate with peers to share insights, improve consistency, and strengthen overall SOC performance.

Benefits

  • Flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients.