What are the responsibilities and job description for the Security Operations Center Analyst position at Insight Global?
*This role is on site in Raleigh/Durham NC and will need the ability to eventually obtain a security clearance*
Required Skills & Experience
• Experience: 1-3 years of professional experience in a Security Operations Center (SOC) or in a previous security analyst role involved with detection and response.
• Technical Requirements:
o Working knowledge of Splunk or similar SIEM platforms
o Understanding of common security threats
o Familiarity with cloud environments (AWS/Azure basics)
o Basic understanding of networking concepts and protocols
o Ability to read and interpret security logs
• Soft Skills:
o Strong analytical and problem-solving abilities
o Excellent written and verbal communication skills
o Detail-oriented with strong documentation habits
o Team player with willingness to learn and adapt
Nice to Have Skills & Experience
• Certifications:
o Security+, CySA+, or similar entry-level certifications
o Microsoft Azure Fundamentals or AWS Cloud Practitioner
• Additional Experience:
o Prior experience in an MSSP-type setting or handling alerts for several clients
o Experience with ticketing systems (ServiceNow, Jira, etc.)
o Understanding of compliance frameworks
o Experience with Kusto Query Language (KQL)
o Familiar
Job Description
We are seeking a dedicated Security Operations Center (SOC) Analyst to join our team in
delivering robust detection and response capabilities. As a key member of our 24/7 SOC,
you will be responsible for monitoring our environment, triaging security alerts, and driving
the investigation process. This role is essential to maintaining the security posture of our
organization, requiring a candidate who can effectively operate within a 24/7 environment,
participate in on-call rotations, and contribute to the continuous improvement of our
defensive strategies.
Key Responsibilities
• Security Monitoring & Alert Triage:
o Monitor security alerts across a diverse stack, including Splunk SIEM, endpoint detection and response (Defender and Trend Micro), cloud security platforms (Wiz, AWS Security Hub, GuardDuty), data loss prevention (DLP) tools, and network telemetry.
o Conduct initial triage and investigation of security events to determine severity and potential business impact using Splunk and integrated security tools.
o Correlate alerts across multiple data sources to identify attack patterns, differentiate true positives from false positives, and construct comprehensive incident timelines.
o Document investigative findings, evidence, and analysis within ticketing systems, ensuring clear and actionable details for seamless escalation.
o Escalate validated threats and complex incidents with thorough supporting documentation.
• SOC Operations:
o Collaborate in post-incident reviews to assist with the refinement of detection logic, updating of playbooks, and enhancement of response procedures
o Provide feedback on coverage gaps and opportunities for automation based on daily experience
o Support metrics collection and reporting to measure operational effectiveness
• Vulnerability Management:
o Review and validate vulnerability scans from applicable tools
o Track remediation efforts and coordinate with system owners
o Maintain awareness of current threat landscape
Salary: $55 - $60