Senior SOC Analyst​/Threat Hunter

About Lubrizol
Lubrizol Corporation, a Berkshire Hathaway company, is a specialty chemical company whose science delivers sustainable solutions to advance mobility, improve wellbeing and enhance modern life. Founded in 1928, Lubrizol owns and operates more than 100 manufacturing facilities, sales, and technical offices around the world and has about 8,000 employees. For more information, visit
We value diversity in professional backgrounds and life experiences. By enabling a consistent, unbiased, and transparent recruitment process, Lubrizol seeks to create a positive experience for candidates so we can get to know them at their best. We recognize unique work and life situations and offer flexibility, ensuring our employees feel engaged and fulfilled in every aspect of life.

Senior SOC Analyst/Threat Hunter

Wickliffe, OH

Permanent

Hybrid (4 days in office, 1 day remote)

• Execute defined incident response playbooks to investigate security incidents. This includes clear documentation of incident artifacts and business impacts/concerns.
• Develop new investigation and response playbooks.
• Automate repetitive SOC tasks using Python, Power Shell, and SOAR platforms to improve response time and reduce analyst fatigue.
• Leverage AI/ML‑enhanced tools (e.g., SOAR platforms) to improve detection and response efficiency.
• Integrate MITRE ATT&CK and behavioral analytics into threat detection workflows.
• Conduct hypothesis‑driven threat hunts using structured methodologies.
• Collaborate with threat intelligence platforms (e.g., MISP, Recorded Future) to enrich investigations.
• Design and execute proactive, hypothesis‑based threat hunts across endpoints, networks, and cloud environments using behavioral indicators and threat models.
• Participate in the development and continual refinement of security group operating practices/processes.
• Provide training on tools and team processes for new analysts, Co‑Ops, and Interns.
• Participate in the definition of security policies, procedures, and standards. Implement, enhance, and execute security policies, procedures, and standards.
• Serve on projects and initiatives as a subject‑matter expert and technical advisor as assigned.
• Other information security activities as needed.

• Bachelor’s degree in cybersecurity, computer science, or a related field with an equivalent combination of education and experience in cybersecurity.
• 2 or more industry‑recognized cybersecurity certifications (MAD, GSOC, GCIH, CEH, etc.).
• Minimum of 7 years’ experience in cybersecurity roles.
• 4+ years working in a hands‑on technical IT support role with strong understanding of networking, operating systems, and Microsoft Active Directory.
• Excellent analytical and problem‑solving skills, with the ability to assess complex security issues and develop effective solutions.
• Strong written and verbal skills.
• Familiarity with MITRE ATT&CK, Sigma rules, and YARA for threat detection.
• Experience with XQL, KQL, or other query languages for large‑scale data analysis.
• Ability to build relationships and work in a collaborative, matrix‑driven, global environment.
• Strong IT process discipline.
• Sound decision making, proactive/creative problem solving and strategic thinking skills.
• Must be a self‑starter, able to manage multiple priorities and meet deadlines while providing quality customer service to internal and external stakeholders.
• Knowledge and experience with security access administration systems and processes.
• Knowledge and experience with Windows operating systems and Microsoft Active Directory.
• Familiarity with industry standards and frameworks (e.g. NIST, CIS Critical Security Controls, SANS, etc.).

• Programming skills necessary to build and maintain interfaces between security tools or automate security processes.
• Experience with AI/ML‑based threat detection and automated playbook development.
• Familiarity with threat‑modeling frameworks and adversary emulation.
• Exposure to OT/ICS environments.
• Threat hunting experience and familiarity with threat intelligence programs (Recorded Future, Threat Grid, etc.).
• Experience supporting full vendor‑stack…