Who You'll Work With
We are seeking a highly motivated and proactive Security Operations Center (SOC) Analyst to join our dynamic, remote cybersecurity team. The ideal candidate is a critical thinker, self-starter, and driven professional with hands-on experience using CrowdStrike or other EDRs. You will play a critical role in monitoring, triaging, and responding to cyber threats across our primarily Mac and Linux environments, with some Windows systems. You will work closely with a collaborative team of fellow SOC analysts, incident responders, threat hunters, and cross-functional partners across IT, engineering, and DevOps to ensure our security posture remains strong. We're looking for someone who takes ownership, excels in high-pressure settings, and is skilled in writing CrowdStrike Query Language (CQL) (or similar) to create effective detections that protect our organization's assets.
What You'll Do
- Monitor and triage security alerts.
- Build, test, and refine detections to enhance threat identification across Mac, Linux, and Windows systems.
- Conduct in-depth analysis of security incidents, including malware, phishing, and advanced persistent threats, leveraging SIEM and EDR capabilities.
- Perform proactive threat hunting using the SIEM and EDR features.
- Investigate and respond to incidents swiftly, following established incident response protocols.
- Document findings clearly and provide actionable remediation recommendations.
- Collaborate with cross-functional teams to strengthen security controls and mitigate vulnerabilities.
- Stay current on emerging threats, vulnerabilities, and industry trends through self-directed learning.
- Participate in on-call rotation for 24x7x365 SOC coverage, demonstrating reliability and accountability.
- Escalate confirmed or suspicious incidents and cases to the Incident Response team.
Qualifications
- 4-5+ years in a SOC and/or as an active participant on incident response teams.
- Hands-on experience with CrowdStrike (or other EDR), triaging security incidents.
- Proven ability to write CQL (or similar) queries and build detections for threat monitoring.
- Experience triaging alerts in a high-volume environment.
- Experience with threat intelligence feeds, platforms, and OSINT tools (VirusTotal, etc.).
- Familiarity with forensic analysis and evidence handling.
Skills and Attributes:
- Exceptional critical thinking and analytical skills to address complex security challenges.
- Self-starter with a proven ability to take initiative and deliver results independently.
- Driven mindset, thriving in fast-paced, high-pressure remote work environments.
- Strong understanding of cybersecurity principles, threat landscapes, and attack vectors.
- Proficiency in analyzing logs, network traffic, and endpoint data using CrowdStrike Next-Gen SIEM, particularly for Mac and Linux systems (Windows experience a plus).
- Solid knowledge of incident response processes and methodologies.
- Familiarity with operating systems, with primary expertise in Mac and Linux, and secondary knowledge of Windows.
- High attention to detail and ability to make sound decisions under pressure.
- Demonstrated commitment to continuous learning and professional development in cybersecurity.
Nice-to-Have:
- Ability to write and optimize detections for identifying and investigating security events.
- Proficiency in scripting (e.g., Python) for automating SOC workflows.
- Experience creating playbooks in CrowdStrike Fusion SOAR (or a similar SOAR platform).
- Knowledge of cloud security (GCP, AWS, and/or Azure).
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).