Security Operations (SecOps) Analyst
Position Overview
We are seeking a Security Operations Analyst to monitor, detect, and respond to cybersecurity threats through advanced SIEM platforms, automated response workflows, and comprehensive security operations center (SOC) activities, ensuring 24/7 protection of organizational assets and rapid incident response capabilities.
Key Responsibilities
SIEM Platform Management
- Monitor and analyze security events using SIEM platforms including Rapid7 InsightIDR, Splunk, QRadar, and Microsoft Sentinel
Configure detection rules, correlation policies, and custom dashboards for threat identification
Tune SIEM alerts to reduce false positives and improve detection accuracy
Manage log ingestion, parsing, and retention policies across diverse security data sources
Perform threat hunting activities using SIEM query languages and analytical capabilities
Security Alert Analysis & Investigation
Conduct real-time analysis of security alerts and prioritize incidents based on risk and impact
Investigate suspicious activities, malware infections, and potential data breaches
Perform initial incident triage and escalate critical threats to senior analysts and incident response teams
Document investigation findings and maintain detailed case management records
Correlate security events across multiple platforms to identify attack patterns and campaigns
SOAR Implementation & Automation
Develop and maintain Security Orchestration, Automation, and Response (SOAR) playbooks
Automate routine security tasks including alert enrichment, containment actions, and notification workflows
Design automated response procedures for common security incidents and attack vectors
Configure integration between SOAR platforms and security tools for seamless workflow execution
Measure and optimize automation effectiveness and response time improvements
Security Operations Center Support
Provide 24/7 SOC monitoring and first-line incident response capabilities
Maintain security operations documentation including runbooks, procedures, and escalation matrices
Support security awareness initiatives and provide feedback on security tool effectiveness
Collaborate with threat intelligence teams to integrate IOCs and threat feeds into detection systems
Generate security metrics, KPIs, and executive reporting on security operations performance
Required Qualifications
Technical Skills
6+ years experience in security operations center (SOC) or security monitoring roles
Expert proficiency with SIEM platforms (Rapid7 InsightIDR, Splunk, IBM QRadar, Microsoft Sentinel)
Strong experience with SOAR platforms (Phantom, Demisto, Swimlane) and automation development
Knowledge of security technologies including EDR, NDR, IDS/IPS, and threat intelligence platforms
Understanding of network protocols, log analysis, and security event correlation techniques
Proficiency in scripting languages (Python, PowerShell) for automation and custom integrations
Security Skills
Strong understanding of cybersecurity frameworks (NIST, MITRE ATT&CK) and threat landscapes
Experience with incident response procedures and forensic investigation techniques
Knowledge of malware analysis, threat hunting, and behavioral analytics
Understanding of compliance requirements and security audit processes
Preferred Qualifications
Bachelor's degree in Cybersecurity, Information Technology, or related field
Security certifications (Security+, CySA+, GCIH, GCFA, CISSP)
Experience with cloud security monitoring (AWS CloudTrail, Azure Security Center, GCP Security Command Center)
Background in network security, endpoint protection, and vulnerability management
Knowledge of DevSecOps practices and security tool integration