Senior SOC Analyst/Engineer (Tier 3)

Salary Range: $110,000 - $125,000

STIGroup's Managed Security Operations (MSO) team provides cybersecurity monitoring, detection, and incident response to organizations that rely on us to protect their most critical assets. We combine cutting‑edge tools with a collaborative, client‑focused culture to deliver trusted managed security services – and now we're looking for a Tier 3 Senior SOC Analyst/Engineer to join us.

This role blends advanced incident response with SOC engineering. You'll lead high‑severity investigations, mentor junior analysts, and improve our detection pipelines through SIEM tuning, SOAR playbook development, and log source onboarding. It's the ideal role for someone who thrives on dissecting attacker TTPs while also building the systems that stop them.

Please note: STIGroup is unable to offer employment sponsorship. Candidates must be eligible to work in the United States.

• Lead Incident Response investigations of complex incidents across Windows, Linux, and Mac environments.
• Perform root cause analysis to uncover persistence mechanisms, lateral movement, and attacker TTPs.
• Conduct malware triage and analysis (static and dynamic).
• Review Forensics artifacts such as memory, event logs, and registries.
• Develop and tune detection logic within SIEM platforms.
• Guide containment and remediation alongside engineering teams.
• Provide Mentorship to Tier 1 and Tier 2 analysts, review escalations, and refine workflows.
• Contribute to Automation improvements (e.g., SOAR).
• Produce incident reports and communicate findings to stakeholders and clients.

• Architect, maintain, and optimize SOC platforms (SIEM, EDR, vulnerability scanners, SOAR).
• Onboard new customers and integrate log sources into the SOC environment.
• Design, build, and deploy SOAR playbooks for triage and automated response.
• Improve Detection Engineering pipelines and troubleshoot ingestion gaps.
• Maintain infrastructure documentation and detection repositories.
• Drive Automation and process improvements using scripting (Python, PowerShell, APIs).

• 4+ years in SOC analysis, incident response, or security engineering.
• Strong experience leading escalated incident response.
• Hands‑on experience with leading SIEM and EDR platforms.
• Proficiency in malware analysis, network forensics, and detection engineering.
• Familiarity with MITRE ATT&CK and attacker tradecraft.
• Experience with forensic analysis tools and methodologies.
• Strong scripting and automation skills (Python, PowerShell, APIs).
• Excellent communication skills, including customer‑facing reporting.
• Proven ability to mentor, collaborate, and peer review.
• Adaptability in a fast‑paced, fully remote environment.
• Commitment to continuous learning and staying ahead of cyber threats.

We're a remote‑first SOC that values collaboration, knowledge sharing, and continuous improvement. Our analysts are encouraged to experiment, mentor, and bring new detection ideas to the table. You won't be siloed. You'll be working directly with engineering, leadership, and clients to make a visible impact.

• Comprehensive medical, dental, and vision coverage
• 401(k) with company match
• Certification reimbursement and continuous training opportunities
• Flexible PTO and paid holidays
• Remote‑first role with core collaboration hours in EST
• Opportunities to lead initiatives and directly shape SOC operations

You'll work with leading SIEM and EDR platforms, next‑generation SOAR technology, and industry‑standard vulnerability management and network security tools. Our environment blends enterprise‑grade solutions with cutting‑edge automation, giving you the opportunity to influence how we detect and respond to threats.