Information Security SOC Analyst

The SOC Analyst, Cybersecurity Response Operations, is a key player in safeguarding Sephora's critical systems and data. This role requires someone well-organized, reliable, detail-oriented, and confident working both independently and collaboratively in a fast-paced environment. As part of a fully remote, 24x7 Security Operations Center (SOC), the SOC Analyst will help detect, respond to, and prevent security incidents while contributing to the continuous improvement of SOC processes

RESPONSIBILITIES:

• Monitor, analyze, and triage security events from multiple tools and technologies to identify potential threats and vulnerabilities.
• Provide Incident Response (IR) support when actionable incidents are confirmed, ensuring rapid containment and resolution.
• Conduct proactive threat hunting using advanced security tools to identify and mitigate potential risks.
• Utilize and manage SOC tools, including Zscaler, Vectra, Obsidian, Tanium, SentinelOne, Splunk, and SIEM platforms, to enhance detection and response capabilities.
• Analyze and interpret Windows, Linux, Firewall, VPN, SSO, and other security log files to identify trends and patterns.
• Develop and maintain scripts using PowerShell and Python to automate SOC processes and improve efficiency.
• Collaborate with cross-functional teams, including IT Operations, Cybersecurity Engineering, and Compliance, to strengthen the organization’s overall security posture.
• Perform detailed post-incident reviews to identify root causes and recommend improvements.
• Provide regular reporting on SOC activities, including incident trends, metrics, and remediation effectiveness.
• Stay updated on emerging security threats, vulnerabilities, and technologies to ensure the SOC remains ahead of evolving risks.
• Integrate and share knowledge with peers and other teams to foster a culture of continuous learning.
• Other tasks and responsibilities as assigned.

REQUIREMENTS:

• Bachelor's degree in a related field or equivalent practical experience.
• 3+ years of experience in cybersecurity operations, network administration, or equivalent knowledge.
• Proficiency in security methodologies, processes, and technical security solutions (firewalls, intrusion detection/prevention systems, EDR/XDR platforms).
• Knowledge of TCP/IP protocols, network analysis, and network/security applications.
• Hands-on experience with SOC tools and technologies, including:
• SIEM platforms (e.g., Splunk, QRadar, Sentinel).
• EDR/XDR platforms (e.g., SentinelOne, CrowdStrike).
• Threat intelligence and detection tools (e.g., Zscaler, Vectra, Obsidian).
• Endpoint management tools (e.g., Tanium).
• Vulnerability management platforms (e.g., Qualys, Tenable).
• Familiarity with security frameworks such as MITRE ATT&CK, NIST, and CIS.
• Strong scripting skills in PowerShell and Python to support automation and analysis tasks.

PREFERRED QUALIFICATIONS:

• Relevant certifications such as GCIA, GCIH, CISSP, OSCP, CEH, or similar.
• Proven experience with cloud security monitoring tools (e.g., AWS, Azure, GCP).
• Strong understanding of advanced threat detection and response techniques.

DESIRED QUALIFICATIONS:

• Drive innovation by analyzing and interpreting data to test and inform new approaches.
• Accountable for successful completion of multiple individual projects simultaneously.
• Communicate effectively by contributing significantly to the development and delivery of various documents for diverse audiences.
• Demonstrate adaptability by embracing change and adjusting priorities or processes as needed.
• Proactively present solutions for challenges encountered during incident response and SOC operations.
• This is a fully remote position with flexible hours to accommodate 24x7 SOC operations.