Security Operations Center Analyst

* This role is on site in Raleigh/Durham NC and will need the ability to eventually obtain a security clearance*

• Experience:
  
  1-3 years of professional experience in a Security Operations Center (SOC) or in a previous security analyst role involved with detection and response.
• Working knowledge of Splunk or similar SIEM platforms
• Understanding of common security threats
• Familiarity with cloud environments (AWS/Azure basics)
• Basic understanding of networking concepts and protocols
• Ability to read and interpret security logs
• Strong analytical and problem-solving abilities
• Excellent written and verbal communication skills
• Detail-oriented with strong documentation habits
• Team player with willingness to learn and adapt

• Certifications:
• Security+, CySA+, or similar entry-level certifications
• Microsoft Azure Fundamentals or AWS Cloud Practitioner
• Prior experience in an MSSP-type setting or handling alerts for several clients
• Experience with ticketing systems (Service Now, Jira, etc.)
• Understanding of compliance frameworks
• Experience with Kusto Query Language (KQL)

We are seeking a dedicated Security Operations Center (SOC) Analyst to join our team in delivering robust detection and response capabilities. As a key member of our 24/7 SOC, you will be responsible for monitoring our environment, triaging security alerts, and driving the investigation process. This role is essential to maintaining the security posture of our organization, requiring a candidate who can effectively operate within a 24/7 environment, participate in on-call rotations, and contribute to the continuous improvement of our defensive strategies.

• Security Monitoring & Alert Triage:
• Monitor security alerts across a diverse stack, including Splunk SIEM, endpoint detection and response (Defender and Trend Micro), cloud security platforms (Wiz, AWS Security Hub, Guard Duty), data loss prevention (DLP) tools, and network telemetry.
• Conduct initial triage and investigation of security events to determine severity and potential business impact using Splunk and integrated security tools
• Correlate alerts across multiple data sources to identify attack patterns, differentiate true positives from false positives, and construct comprehensive incident timelines.
• Document investigative findings, evidence, and analysis within ticketing systems, ensuring clear and actionable details for seamless escalation.
• Escalate validated threats and complex incidents with thorough supporting documentation.
• SOC Operations
• Collaborate in post-incident reviews to assist with the refinement of detection logic, updating of playbooks, and enhancement of response procedures
• Provide feedback on coverage gaps and opportunities for automation based on daily experience
• Support metrics collection and reporting to measure operational effectiveness

• Review and validate vulnerability scans from applicable tools
• Track remediation efforts and coordinate with system owners
• Maintain awareness of current threat landscape