
SOC Analyst
Posted 20 hours ago
• Continuously oversee and prioritize alerts and detections across SIEM, EDR/XDR, identity, email, network, and cloud telemetry for our managed client base, applying severity classification and initial enrichment on each event you handle.
• Conduct thorough investigations of suspicious activities from start to finish — including validation, pivoting, and root-cause analysis — utilizing knowledge of attacker tradecraft, the MITRE ATT&CK framework, and the cyber kill chain to arrive at confident, well-supported conclusions.
• Implement established response playbooks to mitigate threats, which may involve isolating hosts, disabling compromised accounts, blocking indicators, resetting credentials, and coordinating transitions with client and engineering teams.
• Collaborate with Detection Engineering to minimize noise and false positives, as well as propose, test, and deploy new analytics, automations, and SOAR playbooks that enhance the SOC's efficiency and accuracy.
• Maintain audit-quality documentation throughout each case, meticulously recording notes, timelines, and customer-facing communications in the ticketing and case-management system.
• Consistently achieve triage, investigation, and notification SLAs while maintaining high accuracy, low false-positive rates, and ensuring strong client satisfaction across the portfolio.
• Propel the ongoing enhancement of the SOC by integrating lessons learned back into detections, playbooks, runbooks, and knowledge base articles in collaboration with SOC Leadership and Detection Engineering.
• Work on a designated shift (Day, Swing, or Night) within a 24x7 rotation — including weekends and holidays as scheduled — and respond to on-call escalations as necessary.
• One or more years of experience in an IT security role or IT support role with substantial security responsibilities.
• Proficient understanding of fundamental security concepts: TCP/IP, common protocols, Windows and Linux basics, Active Directory / Entra ID, basic cloud concepts (Azure / AWS / GCP), and prevalent attacker techniques.
• Familiarity with at least one SIEM and one EDR/XDR platform; comfortable creating or modifying basic queries (KQL, SPL, or similar).
• Proven ability in effective communication and collaboration within a diverse, high-performance team environment, demonstrating a strong commitment to customer service.
• Candidates must undergo a background examination.
• Inclusive work environment
• Accommodations throughout the interview process