
Security Operations (SecOps) Analyst

Blackfluo.ai

Paris

On-site

EUR 60 000 - 85 000

Full-time

30+ days ago


Job summary

A cybersecurity firm in Nouvelle-Aquitaine is seeking an experienced Security Operations Analyst. The role involves monitoring and responding to cybersecurity threats, using SIEM and SOAR tools, and requires a strong background in security operations and incident response. Ideal candidates will have at least 6 years of experience and relevant certifications.

Qualifications

  • 6+ years experience in security operations or monitoring roles.
  • Expertise with SIEM and SOAR platforms.
  • Proficiency in scripting languages for automation.

Responsibilities

  • Monitor and analyze security events using various SIEM platforms.
  • Conduct real-time analysis of security alerts.
  • Develop and maintain SOAR playbooks.

Knowledge

Monitoring security events
Incident response
Threat hunting
Automation development
Security alert analysis

Education

Bachelor's degree in Cybersecurity or related field

Tools

Rapid7 InsightIDR
Splunk
Microsoft Sentinel
IBM QRadar

Job description

Security Operations (SecOps) Analyst

Position Overview

We are seeking a Security Operations Analyst to monitor, detect, and respond to cybersecurity threats through advanced SIEM platforms, automated response workflows, and comprehensive security operations center (SOC) activities, ensuring 24/7 protection of organizational assets and rapid incident response capabilities.

Key Responsibilities

SIEM Platform Management

  • Monitor and analyze security events using SIEM platforms including Rapid7 InsightIDR, Splunk, QRadar, and Microsoft Sentinel
  • Configure detection rules, correlation policies, and custom dashboards for threat identification
  • Tune SIEM alerts to reduce false positives and improve detection accuracy
  • Manage log ingestion, parsing, and retention policies across diverse security data sources
  • Perform threat hunting activities using SIEM query languages and analytical capabilities

Security Alert Analysis & Investigation

  • Conduct real-time analysis of security alerts and prioritize incidents based on risk and impact
  • Investigate suspicious activities, malware infections, and potential data breaches
  • Perform initial incident triage and escalate critical threats to senior analysts and incident response teams
  • Document investigation findings and maintain detailed case management records
  • Correlate security events across multiple platforms to identify attack patterns and campaigns

SOAR Implementation & Automation

  • Develop and maintain Security Orchestration, Automation, and Response (SOAR) playbooks
  • Automate routine security tasks including alert enrichment, containment actions, and notification workflows
  • Design automated response procedures for common security incidents and attack vectors
  • Configure integration between SOAR platforms and security tools for seamless workflow execution
  • Measure and optimize automation effectiveness and response time improvements

Security Operations Center Support

  • Provide 24/7 SOC monitoring and first-line incident response capabilities
  • Maintain security operations documentation including runbooks, procedures, and escalation matrices
  • Support security awareness initiatives and provide feedback on security tool effectiveness
  • Collaborate with threat intelligence teams to integrate IOCs and threat feeds into detection systems
  • Generate security metrics, KPIs, and executive reporting on security operations performance

Required Qualifications

Technical Skills

  • 6+ years experience in security operations center (SOC) or security monitoring roles
  • Expert proficiency with SIEM platforms (Rapid7 InsightIDR, Splunk, IBM QRadar, Microsoft Sentinel)
  • Strong experience with SOAR platforms (Phantom, Demisto, Swimlane) and automation development
  • Knowledge of security technologies including EDR, NDR, IDS/IPS, and threat intelligence platforms
  • Understanding of network protocols, log analysis, and security event correlation techniques
  • Proficiency in scripting languages (Python, PowerShell) for automation and custom integrations

Security Skills

  • Strong understanding of cybersecurity frameworks (NIST, MITRE ATT&CK) and threat landscapes
  • Experience with incident response procedures and forensic investigation techniques
  • Knowledge of malware analysis, threat hunting, and behavioral analytics
  • Understanding of compliance requirements and security audit processes

Preferred Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, or related field
  • Security certifications (Security+, CySA+, GCIH, GCFA, CISSP)
  • Experience with cloud security monitoring (AWS CloudTrail, Azure Security Center, GCP Security Command Center)
  • Background in network security, endpoint protection, and vulnerability management
  • Knowledge of DevSecOps practices and security tool integration