Monitor and analyze cybersecurity threats, investigate security incidents, and respond to security alerts in a 24/7 security operations environment. Hands-on experience with SIEM tools, threat detection, and incident handling required.
Job Description
Position Overview
- We are seeking a highly motivated Security Operations Center (SOC) Analyst to monitor, analyze, and respond to cybersecurity threats across enterprise systems and networks.
- The SOC Analyst will play a critical role in identifying security incidents, conducting investigations, and supporting incident response activities in a 24/7 security operations environment.
- The ideal candidate has hands-on experience with SIEM tools, threat detection, and incident handling, and is comfortable working in a fully remote setting within the United States.
Key Responsibilities
1. Security Monitoring & Detection
- Monitor security alerts and events using SIEM platforms (Splunk, Sentinel, QRadar, LogRhythm, etc.).
- Analyze logs from firewalls, IDS/IPS, EDR, servers, cloud platforms, and endpoints.
- Identify, triage, and prioritize security alerts based on severity and impact.
2. Incident Response & Investigation
- Investigate security incidents including phishing, malware, ransomware, account compromise, and insider threats.
- Perform root cause analysis and determine scope, impact, and remediation steps.
- Escalate incidents according to incident response procedures and SLAs.
- Assist in containment, eradication, and recovery activities.
3. Threat Intelligence & Hunting
- Utilize threat intelligence feeds and frameworks (MITRE ATT&CK) to enhance detection.
- Conduct proactive threat hunting to identify hidden or emerging threats.
- Stay current with new vulnerabilities, attack techniques, and threat actor behavior.
4. Documentation & Reporting
- Document incidents, findings, and response actions clearly and accurately.
- Prepare incident reports and metrics for internal stakeholders.
- Support compliance and audit requirements (SOC 2, ISO 27001, NIST, HIPAA, PCI-DSS).
5. Tooling & Process Improvement
- Tune SIEM rules and alerts to reduce false positives.
- Support integration of new security tools and log sources.
- Participate in SOC playbook creation and continuous improvement initiatives.
6. Collaboration & Communication
- Work closely with Incident Response, IT, Cloud, and DevOps teams.
- Communicate effectively during active incidents and post-incident reviews.
- Participate in shift handovers and on-call rotations as required.
Required Skills & Qualifications
Technical Skills
- 2–5+ years of experience in a SOC, security operations, or cybersecurity role.
- Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, QRadar, etc.).
- Familiarity with EDR/XDR tools (CrowdStrike, SentinelOne, Defender, etc.).
- Strong understanding of networking fundamentals (TCP/IP, DNS, HTTP, VPNs).
- Experience analyzing logs from Windows, Linux, cloud platforms (AWS/Azure/GCP).
- Knowledge of malware analysis, phishing investigation, and threat detection techniques.
Security Frameworks & Standards
- Familiarity with MITRE ATT&CK, NIST CSF, and incident response frameworks.
- Understanding of common compliance standards (SOC 2, ISO 27001, HIPAA, PCI-DSS).