Lyric is an AI-first, platform-based healthcare technology company, committed to simplifying the business of care by preventing inaccurate payments and reducing overall waste in the healthcare ecosystem, enabling more efficient use of resources to reduce the cost of care for payers, providers, and patients. Lyric, formerly ClaimsXten, is a market leader with 35 years of pre-pay editing expertise, dedicated teams, and top technology. Lyric is proud to be recognized as 2025 Best in KLAS for Pre-Payment Accuracy and Integrity, is HITRUST and SOC 2 certified, and is a recipient of the 2025 CandE Award for Candidate Experience. Interested in shaping the future of healthcare with AI? Explore opportunities at lyric.ai/careers and drive innovation with #YouToThePowerOfAI.
Job Summary
We are seeking an experienced and detail-oriented SOC Analyst (3–6 years) to join our cybersecurity team. The ideal candidate will be responsible for monitoring, detecting, investigating, and responding to cyber threats across the organization. The SOC Analyst will play a critical role in defending systems, applications, and data from security breaches and supporting incident response efforts, threat hunting, and continuous improvement of SOC processes.
Key Responsibilities
Security Monitoring & Incident Response
- Continuously monitor SIEM dashboards, threat intelligence feeds, and security alerts.
- Investigate and respond to security incidents, phishing attacks, malware infections, and anomalous activities.
- Triage alerts based on severity, business impact, and threat intelligence context.
- Perform root cause analysis and prepare incident reports with actionable recommendations.
- Escalate critical incidents to Tier 3/IR teams and collaborate during major security events.
Threat Detection & Hunting
- Conduct proactive threat hunting based on IOCs, TTPs, and threat intelligence reports.
- Analyse logs from endpoints, firewalls, IDS/IPS, cloud workloads, and third-party security solutions.
- Develop and fine-tune detection rules and correlation logic in SIEM (e.g., Splunk, Sumo Logic, Sentinel).
Tool & Infrastructure Management
- Work with EDR, NDR, DLP, SIEM, SOAR, and vulnerability management platforms.
- Support integration of new log sources and ensure completeness of logging for critical systems.
- Maintain threat detection playbooks and contribute to process automation via SOAR tools.
Compliance & Reporting
- Ensure security operations align with frameworks like NIST, ISO 27001, SOC 2, or HIPAA.
- Support security audit requirements by providing incident logs and response documentation.
- Generate periodic reports on incident trends, SOC performance, and threat landscape.
Required Skills & Experience
- 5–8 years of experience in a SOC environment or cybersecurity operations role.
- Strong knowledge of attack vectors, MITRE ATT&CK framework, and incident response lifecycle.
- Hands-on experience with SIEM (e.g., Splunk, Microsoft Sentinel, QRadar, LogRhythm).
- Familiarity with endpoint protection (CrowdStrike, SentinelOne, Defender ATP, etc.).
- Knowledge of Windows/Linux log analysis, firewall rules, and cloud security controls (Azure/AWS).
- Strong analytical thinking, attention to detail, and ability to work under pressure.
Preferred Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, or related field.
- Certifications such as CEH, GCIA, GCIH, CySA+, AZ-500, or Security+ are highly desirable.
- Experience working in a 24x7 SOC or with MSSP environments is a plus.
- Exposure to compliance-driven industries (finance, healthcare, SaaS) preferred.
Soft Skills
- Strong communication and documentation skills.
- Ability to collaborate across IT, DevOps, and security teams.
- Risk-aware mindset with a proactive approach to security operations.
Work Mode: On-site / Hybrid / 24x7 Rotational Shifts if applicable
Reporting To: SOC Manager / Head of Security Operations