Sr. Security Operations Center Analyst

Sr. Security Operations Analyst - 100% remote (EST)

Optomi, in partnership with a client in the AI space is looking to add a security operations analyst to their team!

The ideal security operations analyst candidate will have at least 5 years of IT experience, with 2-4 years of experience working in a SOC. This candidate needs to already be working in a senior incident responder role with experience handling escalated incidents and working alerts from beginning to end (including hands-on remediations). Experience working in a smaller environment wearing multiple hats is preferred.

Some scripting/automation and vulnerability management experience is required.

Qualifications

• 2–4 years of experience in security operations, incident response, or related field. 5-8+ years experience working in IT
• Hands-on experience with SIEM, EDR, and network security tools.
• Strong understanding of threat actors, attack techniques (MITRE ATT&CK), and incident response best practices.
• Experience working in vulnerability management
• Ability to analyze logs, packets, and system behavior to detect and investigate malicious activity.
• Scripting skills (Python, PowerShell, or Bash) for automation.
• Excellent written and verbal communication skills.

Preferred:

• Experience in a small-team environment with cross-functional responsibilities.
• Familiarity with cloud security monitoring (AWS, Azure, or GCP).
• Industry certifications such as Security+, CySA+, GCIH, GCIA, or similar.

Key Responsibilities

• Monitor and triage alerts from SIEM, EDR, email security, and other monitoring tools.
• Investigate escalated alerts from MSSP or automated detections.
• Lead response for medium-to-high severity incidents.
• Conduct root cause analysis and document findings in post-incident reports.
• Coordinate with internal teams to contain and eradicate threats.
• Develop custom detection rules, dashboards, and reports.
• Assist in the lifecycle of vulnerability management, from scanning and analysis to remediation tracking.
• Validate and prioritize vulnerabilities based on their exploitability and potential impact to business operations.
• Work directly with IT teams to provide guidance and technical recommendations for patching and configuration changes.
• Track remediation efforts to ensure vulnerabilities are addressed in a timely manner.
• Act as a liaison between security operations and IT/business units.
• Provide technical guidance to Tier 1 analysts (MSSP)
• Communicate security findings and recommended actions to stakeholders in clear, non-technical language.
• Recommend and implement process and tooling enhancements.
• Maintain and refine incident response runbooks and escalation procedures.