Security Analyst I

Foresite is seeking a SOC Analyst I who has a passion for security, a keen eye for detail, and a drive to protect organizations from cyberattacks. It's more than just a job; it's a launching pad for your cybersecurity career and a first step towards an exciting future at Foresite.

What You'll Do:

The SOC Analyst I is the entry point to a structured career in Foresite’s Security Operations Center. You will work a dedicated shift inside our 24/7 Cyber Fusion Center, monitoring and triaging security alerts for our managed customers across Google Security Operations (Chronicle), our SOAR platform, and supporting tools. You will learn our detection stack, our customer environments, and our investigation process from experienced analysts and team leads, and you will be measured on clear, published performance criteria that define what it takes to advance to SOC Analyst II.

• Monitor and triage alerts across Google Security Operations (Chronicle) and the Foresite ticketing queue for assigned customer environments during your shift.
• Investigate Tier 1 incidents end-to-end: review alert context, gather evidence from Chronicle UDM and supporting tools, reach an initial disposition, and either close the ticket with a documented rationale or escalate as needed with a clear handoff.
• Follow established investigation playbooks for the top alert types and rule categories in our detection stack, and flag gaps or outdated guidance to your Team Lead for improvement.
• Communicate clearly in tickets. Every ticket you touch should be understandable by the next analyst, the customer, or an auditor reading it six months from now. Your written analysis is the primary artifact of your work.
• Partner with customers through the ticketing system on routine investigations, requests for information, and exclusion/suppression requests under Team Lead oversight.
• Meet SLA and quality targets for first-touch time, triage accuracy, and ticket closure quality as defined in the L1 performance scorecard.
• Participate in shift handoff — brief the incoming analyst on open investigations, anomalies observed during your shift, and anything waiting on customer response.
• Contribute to detections fidelity by flagging noisy rules, false-positive patterns, and alert clusters that should be reviewed by the detection engineering team.
  
  

Who you are:

• Experience: 0–2 years of prior experience in a SOC, IT security, IT operations, or helpdesk/NOC role. Recent graduates of a cybersecurity degree or certificate program are encouraged to apply.
• Working knowledge of core security concepts: the cyber kill chain or MITRE ATT&CK framework, common attack vectors (phishing, credential abuse, malware delivery, lateral movement), and the difference between detection, prevention, and response.
• Familiarity with a SIEM: You do not need Chronicle experience on day one — we will train you — but you must be able to explain what a SIEM does, how alerts are generated, and how to pivot from an alert to supporting log evidence.
• Strong written communication: You will be writing in tickets that customers read. Clear, concise, accurate writing is non-negotiable.
• Attention to detail: False positives and true positives often look nearly identical. The analysts who advance on this team are the ones who read the full log line, not the summary.
• Ability to work an assigned shift on-site in Overland Park: including weekend and holiday coverage as scheduled.
• Security certification (or equivalent) within 90 days of hire if not already held.
  
  

Nice to Have

• Hands-on experience with Google Security Operations (Chronicle), Splunk, Elastic, or Microsoft Sentinel
• BS of IT Security or Cyber Security or currently enrolled in a degree path
• Familiarity with endpoint detection and response tools (CrowdStrike, SentinelOne, Defender for Endpoint, Carbon Black)
• Basic scripting or query experience (Python, PowerShell, SQL, or SIEM query languages)
• Prior MSSP or multi-tenant environment experience
• Additional certifications: Blue Team Level 1 (BTL1), CompTIA CySA , GCIA, or Google Cloud Security Engineer
  
  

Why Join Foresite?

We are a mission-driven partner helping organizations navigate an increasingly complex threat landscape. Founded by security practitioners, we’ve grown into a global leader in SecOps and MDR by staying true to our core value: radical transparency. When you join Foresite, you are part of a "humans-first" culture where your expertise is valued, and your well-being is a priority. We leverage our Google Cloud Premier SecOps Partnership to stay at the cutting edge, but we know that our greatest asset is our people.

What We Offer

• Comprehensive Health & Wellness: Robust medical insurance options to keep you and your family healthy.
• Employer-Covered Insurance: We fully provide employer-paid Dental coverage, as well as Short-Term (STD) and Long-Term Disability (LTD).
• Recharge & Refuel: We believe in a true work-life balance. You’ll start with 3 weeks of paid vacation, plus additional sick leave and paid company holidays to ensure you have time to recharge.
• Growth & Mentorship: Access to world-class training and mentorship. We support your career trajectory, whether you’re looking to deepen your technical skills or move into leadership.
• Impactful Work: Help protect global clients using the latest AI-enhanced security tools and GCP native technologies.