Position Summary
We are seeking a skilled Senior Security Analyst to join our Security Operations Center (SOC) team. This individual will play a critical role in incident response, threat hunting, log and event analysis, and mentoring junior analysts. The ideal candidate will act as a Subject Matter Expert (SME), manage complex security incidents, and ensure SOC operations run effectively in alignment with organizational security goals and compliance requirements.
Key Responsibilities
Incident Response & Management
- Lead investigations for high-severity security incidents and breaches.
- Provide expert analysis for escalated incidents from L1 and L2 analysts.
- Develop, execute, and continuously improve incident response procedures.
- Ensure appropriate escalation and stakeholder communication during incidents.
Threat Hunting & Analysis
- Proactively hunt for threats using SIEM platforms such as Splunk and QRadar.
- Leverage threat intelligence to detect emerging threats and vulnerabilities.
- Analyze security data for trends, anomalies, and indicators of compromise.
Security Tool Management
- Manage and optimize security tooling, including the SIEM (Splunk/QRadar), IDS/IPS, and EDR platforms.
- Tune detection rules and reduce false positives.
- Evaluate and recommend new security tools to enhance SOC effectiveness.
Log & Event Analysis
- Analyze logs from endpoints, servers, network devices, and cloud environments.
- Ensure accurate log collection, correlation, and retention.
- Provide in-depth analysis and generate actionable security reports.
Vulnerability Management
- Conduct vulnerability scans and prioritize remediation tasks.
- Work with IT and DevOps teams to patch systems and address weaknesses.
Collaboration & Escalation
- Act as escalation point for junior SOC team members.
- Collaborate with internal and external security stakeholders (e.g., MSSPs).
- Work with other security domains to ensure a unified defense strategy.
Security Policies & Best Practices
- Enforce security policy compliance and contribute to improvements.
- Conduct security awareness sessions for SOC and broader teams.
Reporting & Documentation
- Maintain detailed incident logs, root cause analyses, and threat reports.
- Prepare regular security posture reports for management and compliance teams.
Continuous Improvement
- Evaluate SOC operations and recommend enhancements to workflows, playbooks, and technology stacks.
- Stay current with evolving threats, attack vectors, and detection techniques.
- Participate in simulations, tabletop exercises, and red/blue teaming initiatives.
Compliance & Regulatory Requirements
- Ensure SOC practices align with applicable regulations and standards such as GDPR, HIPAA, and PCI DSS.
- Support audits, documentation, and reporting aligned with SLAs and compliance requirements.
Mentoring & Training
- Guide and upskill L1 and L2 analysts.
- Share insights on advanced threat detection, forensic techniques, and response strategies.
Basic Qualifications
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.
- 5+ years of experience in SOC operations or cybersecurity.
- Deep understanding of SIEM platforms, security monitoring, and incident response.
- Strong communication, analytical, and troubleshooting skills.
- Familiarity with IT infrastructure, networking, and security concepts.
Preferred Qualifications
- Relevant certifications, such as ECIH, GCIH, CISM, or CISSP.
- Certified in Splunk or equivalent SIEM platform.
- Hands-on experience with EDR, XDR, DLP, WAF, proxy, email security tools.
- Exposure to cloud platforms like AWS, Azure, or GCP.
- Ability to thrive in 24x7 SOC environments and rotating shifts.