
SOC Analyst
Posted 8 hours ago

This is a fully remote position, open to applicants in Tennessee.
• Continuously oversee and prioritize alerts and detections across SIEM, EDR/XDR, identity, email, network, and cloud telemetry for our managed client base, applying severity classification and initial enrichment on every event you handle.
• Conduct thorough investigations of suspicious activities from start to finish — validating, pivoting, and performing root-cause analysis — employing knowledge of attacker tradecraft, the MITRE ATT&CK framework, and the cyber kill chain to arrive at confident, well-supported conclusions.
• Execute documented response playbooks to contain threats, including isolating hosts, disabling compromised accounts, blocking indicators, resetting credentials, and coordinating hand-offs with client and engineering teams.
• Collaborate with Detection Engineering to minimize noise and false positives, while proposing, testing, and deploying new analytics, automations, and SOAR playbooks that enhance the SOC's speed and accuracy.
• Maintain audit-quality documentation throughout each case, meticulously recording notes, timelines, and customer-facing communications in the ticketing and case-management system.
• Consistently achieve triage, investigation, and notification SLAs while maintaining high accuracy, low false-positive rates, and strong client satisfaction across the portfolio.
• Foster continual improvement of the SOC by incorporating lessons learned back into detections, playbooks, runbooks, and knowledge-base articles in collaboration with SOC Leadership and Detection Engineering.
• Work during an assigned shift (Day, Swing, or Night) within a 24x7 rotation — including weekends and holidays as scheduled — and respond to on-call escalations when necessary.
• A minimum of one year in an IT security role or IT support role with significant security responsibilities.
• Proficient understanding of core security concepts: TCP/IP, common protocols, Windows and Linux fundamentals, Active Directory / Entra ID, cloud (Azure / AWS / GCP) basics, and common attacker techniques.
• Familiarity with at least one SIEM and one EDR/XDR platform; comfortable with writing or modifying basic queries (KQL, SPL, or similar).
• Proven ability to communicate effectively and collaborate within a diverse, high-performance team environment with a strong commitment to customer service.
• Candidates must be willing to undergo a background check.
• Inclusive work environment
• Accommodations throughout the interview process