Sr. SOC Analyst

Senior SOC Analyst

Overview

A growing Financial Service organization is seeking a Senior SOC Analyst to join its Cybersecurity team. This is a hands-on security operations role focused on threat detection, incident response, vulnerability management, and continuous improvement of defensive capabilities.

The successful candidate will play a key role in identifying, investigating, and responding to security threats while partnering with infrastructure, engineering, and security teams to strengthen the organization's overall security posture.

Key Responsibilities

Security Operations & Incident Response

• Monitor, investigate, and respond to security alerts across endpoint, network, cloud, and identity environments.
• Lead incident response activities including triage, containment, remediation, recovery, and post-incident analysis.
• Execute and improve incident response procedures, playbooks, and operational workflows.
• Conduct root cause analysis and document findings from security investigations.
• Produce clear incident reports and communicate findings to technical and business stakeholders.
• Participate in an on-call rotation supporting critical security incidents.

Vulnerability Management

• Perform vulnerability assessments and assist in the identification and prioritization of security risks.
• Partner with technical teams to drive remediation efforts and reduce organizational risk.
• Monitor emerging vulnerabilities and threat activity to support risk-based prioritization.
• Contribute to reporting around vulnerability trends, remediation metrics, and overall security posture.

Threat Detection & Threat Hunting

• Support threat hunting initiatives to proactively identify malicious activity.
• Develop and improve detection logic, alerting mechanisms, and investigative processes.
• Leverage frameworks such as MITRE ATT&CK to enhance detection and response capabilities.
• Participate in security validation exercises designed to test and strengthen defensive controls.
• Research emerging threats and incorporate findings into monitoring and detection strategies.

Collaboration & Continuous Improvement

• Analyze security telemetry from a variety of sources including endpoints, network devices, cloud platforms, and identity systems.
• Partner with cross-functional teams to improve security controls and operational effectiveness.
• Maintain operational documentation and knowledge-sharing resources.
• Mentor junior team members and contribute to the growth of the security operations function.

Required Experience

• 5 years of experience in Security Operations, Incident Response, Threat Detection, or a related cybersecurity discipline.
• Hands-on experience with enterprise SIEM platforms such as Splunk, Microsoft Sentinel, Sumo Logic, QRadar, or similar technologies.
• Experience working with EDR solutions such as CrowdStrike Falcon, Microsoft Defender, SentinelOne, Carbon Black, or equivalent.
• Familiarity with vulnerability management platforms including Tenable, Qualys, Rapid7, or similar solutions.
• Experience supporting identity and access security initiatives, including Conditional Access, MFA, and modern identity platforms.
• Exposure to Data Loss Prevention (DLP) technologies and information protection programs.
• Strong understanding of incident response methodologies and security operations workflows.
• Knowledge of networking fundamentals including TCP/IP, DNS, HTTP/S, firewalls, proxies, and common attack techniques.
• Experience investigating security events across cloud, endpoint, network, and identity environments.
• Familiarity with the MITRE ATT&CK framework.
• Scripting or automation experience using Python, PowerShell, Bash, or similar technologies.
• Strong communication and analytical problem-solving skills.

Preferred Experience

• Threat hunting experience.
• Detection engineering and use-case development.
• Purple team, adversary emulation, or security validation experience.
• Experience with cloud platforms including AWS, Azure, or GCP.
• Exposure to SOAR platforms and security automation workflows.
• Familiarity with threat intelligence platforms and workflows.
• Experience with digital forensics and incident investigation tools.

Ideal Background

Candidates will typically come from environments where they have supported technologies such as:

• SIEM: Splunk, Microsoft Sentinel, Sumo Logic, QRadar
• EDR/XDR: CrowdStrike Falcon, Microsoft Defender, SentinelOne, Carbon Black
• Vulnerability Management: Tenable, Qualys, Rapid7
• Cloud Security: AWS, Azure, GCP
• Identity Security: Entra ID (Azure AD), Okta, Ping Identity, CyberArk
• Security Automation: SOAR platforms and workflow automation tools