
Security Operations Center Analyst
Posted 9 hours ago

Posted 9 hours ago
This is a fully remote position, open to applicants in India.
• Oversee, assess, and investigate security incidents across AWS, endpoint security systems, Google Workspace, identity management platforms, and other enterprise security solutions.
• Evaluate and interpret threat intelligence feeds, Indicators of Compromise (IOCs), Indicators of Attack (IOAs), and MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) to confirm detections, enhance monitoring, and refine detection use cases.
• Enhance security investigations using OSINT, domain intelligence, and threat intelligence resources to identify malicious activities and assist in attribution.
• Integrate telemetry from endpoints, networks, cloud environments, identity systems, SIEM, EDR, and other security tools to create a detailed investigation context and identify threats.
• Design, develop, maintain, and improve SIEM/SOAR detection rules, playbooks, dashboards, and alerts. Onboard and validate new log sources to guarantee complete and normalized visibility.
• Conduct proactive threat hunting and endpoint/cloud forensics to uncover previously undetected threats, assess scope and root cause, and provide evidence to support incident response.
• Lead comprehensive incident response efforts, including triage, investigation, containment, eradication, recovery, root cause analysis (RCA), reporting, and upkeep of incident response playbooks and standard operating procedures.
• Monitor and suggest security enhancements across AWS services, including CloudTrail, GuardDuty, Security Hub, IAM, VPC Flow Logs, CloudWatch, and AWS Config, to identify suspicious activity and misconfigurations.
• Examine identity-related threats utilizing authentication logs, privileged account activities, and audit logs from collaboration platforms.
• Administer, integrate, and perform health assessments for SIEM, SOAR, EDR, and related security technologies to ensure dependable security operations.
• Create and maintain security automation, internal tools, and integrations using Python, PowerShell, Bash, APIs, and webhooks to enhance investigation and response efficiency.
• Sustain and optimize threat intelligence repositories, IOC watchlists, enrichment workflows, and dashboards, translating intelligence into improved detections and alert tuning.
• Assist with vulnerability management by reviewing findings, validating remediation efforts, and contributing to risk-based prioritization.
• Compose clear and concise incident reports, root cause analysis documents, threat intelligence summaries, executive updates, and SOC performance metrics.
• Collaborate with Infrastructure, Cloud, IT, and Engineering teams to implement security measures, enhance detections, and coordinate incident response efforts.
• Assess and implement AI-assisted security workflows to enhance threat detection, alert triage, investigations, and incident response.
• Continuously evaluate and improve SOC architecture, monitoring strategies, KPIs/KRIs, automation, and overall SOC maturity in line with industry best practices.
• 3–6 years of experience in Security Operations, encompassing threat detection, incident response, threat hunting, and digital forensics in cloud and enterprise environments.
• Proven experience in managing high-severity security incidents and enhancing SOC capabilities through process improvements, automation, and measurable operational metrics.
• Experience in developing AI- or LLM-assisted SOC workflows for alert triage, investigation summaries, and multi-source threat correlation, while ensuring the accuracy of AI-generated outputs. (Preferred)
• Familiarity with AI security frameworks and threat models such as MITRE ATLAS and the OWASP Top 10 for LLM Applications. (Preferred)
• Proficient in Python, PowerShell, Bash, and REST APIs for developing automation, detection content, playbooks, and security workflows.
• Experience in integrating security technologies, managing log pipelines, and implementing automation that balances operational efficiency with appropriate human oversight.
• Strong interest in emerging threats, attacker techniques, and defense strategies, with a commitment to continuous learning and professional growth.
• Demonstrated ownership, problem-solving skills, and dedication to safeguarding organizational assets while facilitating secure business operations.
• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent hands-on experience.
• Preferred professional security certifications include OSCE, CRTP, SC-200, or equivalent.
• Excellent written and verbal communication skills, with the ability to collaborate effectively across technical and non-technical teams.
• Opportunities for professional growth in a dynamic, rapidly evolving, high-social-impact industry.
• An open-minded, collaborative culture comprised of enthusiastic colleagues driven by the challenge of innovation aimed at making a significant impact on individuals and the planet.
• A truly multicultural experience: you will have the opportunity to work with and learn from individuals of diverse geographies, nationalities, and backgrounds.
• Structured, tailored learning and development programs that support your growth as a leader, manager, and professional through the Sun King Center for Leadership.
Censys
Jamf
Binance
Get handpicked remote jobs straight to your inbox weekly.