
CSOC Analyst

Remote / Online - Candidates ideally in
Austin, Travis County, Texas, 78716, USA
Listing for: Visual Connections, LLC
Remote/Work from Home position
Listed on 2026-02-24
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 70000 - 90000 USD Yearly
Job Description & How to Apply Below
Position: CSOC Alert Analyst

Visual Connections is seeking a CSOC Alert Analyst. As a CSOC Alert Analyst, you will play a critical role in supporting the mission of the Veterans Affairs (VA) by monitoring key cybersecurity systems for intrusions and vulnerabilities amongst VA’s application environments.

Veterans are encouraged to apply.

Position is currently remote but could move to onsite in Martinsburg, WV, Hines, IL, or Austin, TX

Duties

For a Cybersecurity Operations Center (CSOC) alert analyst, the duties related to Palo Alto's Prisma Cloud tools are highly focused on triage, investigation, and response for cloud-native security events. Unlike an on-premise analyst who might focus on firewall or endpoint logs, a Prisma Cloud analyst's world is centered on the unique risks of the cloud.

Here are some key duties for a CSOC alert analyst using Prisma Cloud:

The analyst is the first line of defense, responsible for reviewing and triaging alerts generated by Prisma Cloud. This includes identifying if the alert is a true positive or a false positive.

The Alert Analyst will use Prisma Cloud's features to enrich alerts with critical context. This involves examining the affected asset (e.g., a container, serverless function, or virtual machine), its environment (e.g., production vs. development), its network exposure, and any associated user or service identities. This helps to quickly determine the severity and business impact of the alert.

Using Prisma Cloud's risk scoring and attack path analysis, the analyst will prioritize the most critical alerts. This means focusing on incidents that show a clear path to sensitive data or a known exploitable vulnerability, rather than simply responding to every low-severity misconfiguration.

For true positive alerts, the analyst performs a deeper investigation. This involves pivoting from the alert to review associated logs, network traffic, and forensic data within Prisma Cloud's dashboard.

Alert Analysts may proactively use Prisma Cloud's tools to hunt for potential threats that haven't triggered an alert. This can involve searching for anomalous activity, suspicious network connections, or unauthorized changes to cloud configurations.

The analyst may work to identify the root cause of the incident. For example, if a container has a vulnerability, they investigate why that container was allowed into production in the first place, or if a user has overly permissive access, they look into the reason behind it.

The analyst works with security orchestration, automation, and response (SOAR) playbooks, often integrated with Prisma Cloud, to trigger automated response actions. This could involve an automated process to disable a compromised user account or a "virtual patch" to a host to prevent an exploit.

In cases where automation isn't possible, the analyst may provide the technical team with specific, actionable remediation steps. This could be as simple as telling a DevOps engineer which misconfigured S3 bucket to lock down.

The analyst documents the investigation and provides clear, concise communication to stakeholders. They are responsible for escalating high-priority incidents to senior analysts or incident response teams, ensuring they have all the necessary context to take over.

To reduce "alert fatigue," the analyst plays a role in fine-tuning Prisma Cloud policies. If they consistently see false positives from a certain rule, they work with a senior engineer or a DevOps team to adjust the policy or exclude specific resources.

They may also be involved in creating new detection rules based on emerging threats or new compliance requirements, using Prisma Cloud's policy-as-code capabilities.

Requirements:

Bachelor's degree or higher with 3-10 years' experience; a minimum of 5 years' experience may be considered in lieu of a degree

Familiar with monitoring security dashboards

Experience with Palo Alto Prisma Cloud or similar tools. XSIAM experience a plus

Experience with Agile project management methods and frameworks such as SCRUM

Exceptional written and verbal communication skills

Strong planning, organizational, and time management skills

Exceptional analytical and conceptual thinking skills

Ability to…
