Hybrid SOC Analyst: L2 IR & Threat Detection

SOC Analyst (contract) job dy Springs, GA. We are seeking a SOC Analyst to support Level 2 security operations and incident response activities in a hybrid environment based in Sandy Springs, GA. This role requires strong technical experience across SIEM tools (with preference for Google Sec Ops/Chronicle), threat detection, incident handling, and infrastructure security monitoring. You will be responsible for triaging security events, enhancing detection capabilities, and supporting a secure enterprise environment in collaboration with engineering and compliance teams.

Key Responsibilities

• Monitor, triage, and analyze security alerts from various sources including SIEM, IDS/IPS, EDR, and firewalls.
• Provide Level 2 incident response support during business hours (8x5 EST), including identification, containment, and remediation of security threats.
• Investigate suspicious activity across on-prem and cloud environments (AWS, Azure, GCP).
• Utilize Google Sec Ops (Chronicle) and other SIEM platforms for log analysis, threat hunting, and correlation.
• Apply the MITRE ATT&CK framework and cyber kill chain methodology to improve threat detection.
• Collaborate with Tier 3 analysts and threat intelligence teams to escalate and resolve complex incidents.
• Develop and maintain playbooks, detection rules, and automation scripts (Python, Power Shell, Bash).
• Participate in red/blue/purple team exercises and contribute to continuous security posture improvements.
• Support compliance initiatives related to HIPAA, PCI-DSS, GDPR, and internal security standards.
• Communicate clearly and professionally with stakeholders across IT, compliance, and executive teams.

Technical Profile

• SIEM Tools:
  Google Sec Ops (Chronicle preferred), Splunk, QRadar, Log Rhythm, Elastic Stack
• IDS/IPS platforms and EDR solutions like MS Defender, Crowd Strike
• Network and endpoint monitoring, malware analysis, and packet inspection tools (Wireshark, tcpdump)
• Familiarity with vulnerability management tools such as Nessus and Qualys
• Understanding of common protocols (TCP/IP, DNS,
• Cloud security across AWS, Azure, and GCP
• Scripting and automation with Python, Power Shell, or Bash

Functional Profile

• Hands-on experience in L2 security incident triage and escalation
• Exposure to 24/7 SOC operations or rotational support environments
• Ability to interface across IT, risk, and compliance functions
• Experienced in crisis response and working under pressure
• Curious and motivated to continuously learn and improve detection methods

Skills Summary Core Expertise:
Security Operations Center (SOC), Incident Response, Threat Detection, Security Monitoring Languages & Frameworks Python, Power Shell, Bash Reactive & Event-Driven Tools Google Sec Ops (Chronicle), Splunk, QRadar, Log Rhythm, Elastic Stack Cloud & Containerization AWS, Azure, GCP (cloud security focus)
Other Tools & Technologies Wireshark, tcpdump, Nessus, Qualys, MS Defender, Crowd Strike, MITRE ATT&CK, SIEM, IDS/IPS Soft Skills Analytical thinking, verbal/written communication, collaboration, crisis management, eagerness to learn Certifications (Preferred) CompTIA Security+, GCIH, GCIA, GCFA, Certified SOC Analyst (CSA), CEH, CISSP/CISM (a plus)#J-18808-Ljbffr