About The Position
Lead triage and investigation of security alerts, escalating and coordinating incident response as needed. Perform root cause analysis, scope affected assets, and drive containment, eradication, and recovery. Correlate events across SIEM, EDR, IDS/IPS, firewalls, cloud logs, and identity platforms to identify true positives and reduce false positives. Develop, refine, and maintain SOC playbooks, runbooks, and detection logic aligned to the MITRE ATT&CK framework. Mentor junior analysts and provide guidance on investigation techniques, documentation standards, and operational best practices. Coordinate with Threat Intelligence to enrich investigations, track adversary TTPs, and proactively hunt for indicators of compromise. Partner with Engineering teams to tune detections, improve log fidelity, and strengthen preventive controls. Create clear, actionable incident reports and executive summaries; contribute to metrics and trend analysis. Support purple team exercises and post-incident reviews to capture lessons learned and drive continuous improvement. Ensure adherence to regulatory and security policies; maintain audit-ready documentation for investigations and incidents.
Requirements
- 8+ years of experience in a SOC, incident response, or threat detection role, including Tier 2/3 investigations
- Advanced proficiency with SIEM (e.g., Splunk, QRadar, Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender), and SOAR platforms
- Strong knowledge of network security, Windows/Linux, identity systems, and common cloud logging sources
- Hands-on experience with the MITRE ATT&CK framework, threat hunting, IOC/IOA development, and detection tuning
- Demonstrated ability to lead complex incidents, coordinate stakeholders, and communicate clearly under time pressure
- Scripting or automation experience (e.g., Python, PowerShell) for investigation enrichment and workflow improvements
- Familiarity with NIST CSF/800-61, CIS Controls, and common regulatory requirements impacting incident response
- Excellent documentation skills and an evidence-driven approach to investigations
- Relevant certifications: GCIA, GCED, GCIH, GCFA, GNFA, CISSP, CCSP, or equivalent experience
- Experience with ticketing and case management systems (e.g., ServiceNow) and knowledge management practices
Nice To Haves
- Prior experience with threat intel platforms, sandboxing tools, and malware triage is a plus
Responsibilities
- Lead triage and investigation of security alerts
- Perform root cause analysis
- Correlate events across various platforms
- Develop and maintain SOC playbooks
- Mentor junior analysts
- Coordinate with Threat Intelligence
- Partner with Engineering teams
- Create incident reports and executive summaries
- Support purple team exercises and post-incident reviews
- Ensure adherence to regulatory and security policies
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
