SOC Analyst​/Incident Responder

ABOUT BLACK KITE

Black Kite is the global leader in third-party cyber risk intelligence, trusted by more than 3,000 organizations worldwide. We give security and business leaders a continuous, outside-in view of their entire vendor ecosystem — translating complex cyber, financial, and compliance signals into clear, actionable risk intelligence.

We go beyond open standards-based cyber ratings. Black Kite helps organizations make smarter risk decisions, strengthen business resilience, and scale their third‑party cyber risk management programs in an increasingly complex digital environment. Our work has earned consistent recognition from customers and industry analysts alike.

We’re a fast-moving, high-impact team solving one of the most critical challenges in cybersecurity today. If you’re looking to do meaningful work alongside sharp, collaborative people — and grow your career in a space that matters — you’re in the right place.

The SOC Analyst / Incident Responder is a mid-level security operations practitioner who owns their work. You will monitor and triage security events, lead incident investigations, execute response activities, and contribute to the continuous improvement of Black Kite's detection and response capability. You report to the SOC Manager and operate with meaningful autonomy on day-to-day security operations.

This is not a ticket-routing role. You bring analytical depth to alert investigations, structured thinking to escalations, and proactive energy to threat hunting. You work independently on assigned responsibilities, exercise judgment within established guidelines, and bring the SOC Manager into decisions that warrant it — not for every event.

• Monitor security events across email, endpoint, network, identity, and data loss prevention systems during assigned coverage windows
• Triage incoming alerts — distinguish genuine threats from false positives, apply context, and prioritize response actions accordingly
• Identify anomalous behavior patterns in log and telemetry data that may indicate threats not captured by automated detections
• Maintain awareness of evolving attack techniques and apply that knowledge to daily detection and triage work

• Lead investigation and response for declared security incidents within scope — from initial detection through containment, eradication, and documentation
• Execute established incident response playbooks accurately and completely; escalate to the SOC Manager when events exceed defined thresholds or require judgment outside the playbook
• Coordinate with internal stakeholders — legal, operations, HR, and leadership — as appropriate during active incidents
• Support threat hunting activities, proactively searching for indicators of compromise and undetected adversary activity
• Conduct digital forensics analysis to support incident investigation and post‑incident review

• Produce thorough, accurate incident reports documenting the full timeline, evidence chain, response actions taken, and recommendations
• Present findings and case summaries to the SOC Manager and information security leadership on a routine basis
• Maintain and improve incident handling procedures based on lessons learned from investigations
• Research emerging threats, attack methods, and digital forensics techniques; share relevant findings with the broader security team

• Identify gaps or inefficiencies in detection coverage and alert quality; bring concrete recommendations to the SOC Manager
• Contribute to the refinement of playbooks, escalation criteria, and response procedures based on operational experience
• Support Black Kite's security research function with technical review and proofreading of research content

• 2–4 years of hands‑on experience in security operations, incident response, or a closely related technical discipline
• Solid working knowledge of incident response methodology — identification, containment, eradication, recovery, and post‑incident review
• Understanding of security architecture and networking fundamentals: TCP/IP, DNS,…