Sr. Analyst, CSOC

About The Position

Requirements

• Bachelor's Degree: in Computer Science, Cybersecurity, Information Technology, or a related field.
• Proven Experience: Demonstrated experience in designing and implementing security detections.
• Minimum 5 years of experience in Security Operations (SOC) roles.
• Deep understanding and hands-on experience with major cloud platforms (AWS, Azure), specifically focusing on Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) security controls, APIs, and logging/querying (e.g., CloudWatch Logs/Metrics, Azure Monitor, Azure Activity Log, Splunk, Sigma for Azure/AWS).
• Strong proficiency in at least one scripting/programming language (Python highly preferred).
• Ability to write, test, and debug code for detection logic and automation.
• Demonstrable experience with detection-as-code principles and specific frameworks (e.g., Sigma, YARA, custom scripts).
• Experience managing detection lifecycles using version control systems (Git).
• Proven hands-on experience configuring, managing, and querying SIEM platforms.
• Experience incorporating threat intelligence (e.g., threat feeds, IoCs, YARA rules, OpenIOC) into detection logic and automated responses.
• Solid grasp of network security, cloud security fundamentals, incident response lifecycles, and common attack vectors (e.g., malware, phishing, APTs).
• Excellent analytical abilities to dissect complex problems, identify patterns, and develop effective detection strategies.

Responsibilities

• Detection Engineering & Security Operations Design, develop, and maintain high-quality detections aligned to real-world adversary behaviours and MITRE ATT&CK techniques.
• Engineer detections across SIEM, EDR, cloud-native security tools, and log pipelines.
• Reduce false positives through tuning, enrichment, and behavioural correlation.
• Support incident response by improving alert fidelity and investigative context.
• Work with cloud-native logs (CloudTrail, Azure Activity Logs, etc.).
• Detection as Code (Mandatory) Build and manage detections using Detection-as-Code principles (version control, CI/CD, testing, peer review).
• Develop detections in formats such as YAML, Sigma, KQL, SPL, JSON, or custom rule frameworks.
• Implement automated testing and validation of detections using replayed attack data and simulations.
• Maintain detection repositories with clear documentation, ownership, and lifecycle management.
• Threat Intelligence & Adversary Emulation Translate threat intelligence, IOCs, TTPs, and attack reports into actionable detections.
• Develop behaviour-based detections for advanced threat actors, not just indicator-based alerts.
• Partner with Red Team / Purple Team to validate detections against real attack paths.
• Continuously improve coverage in response to emerging threats and incident learnings.
• Automation & Engineering Write production-quality code to automate detection deployment, enrichment, and response.
• Build tooling for detection testing, telemetry validation, and metrics.
• Integrate detections with automation and response workflows.
• Experience or a deep understanding of building and integrating AI workflows.

Benefits

• medical insurance
• dental insurance
• vision insurance
• 401(k) retirement plan
• basic life insurance
• supplemental life insurance
• disability insurance
• a variety of additional voluntary benefits (such as critical illness, hospital and accident insurance)
• employee discount