Security Operations Center (SOC) Analyst - (100% Remote) - Level 3

Our customer is a large United States insurance company with over 100 years of experience, providing insurance products and services for businesses and professionals across the United States, Canada, and Europe. Headquartered in Chicago, IL, they operate more than 20 US locations.

We are seeking a contract SOC Analyst III to support our customer's business needs. This role is 100% remote.

This individual contributor role for the first shift focuses on proactively detecting adversary activities within the network to achieve discovery before threats complete their missions. The ideal candidate will have skills and experience in log analysis, network traffic analysis, and familiarity with the MITRE ATT&CK framework.

Shift hours are approximately 4pm-12:45am CST, subject to slight variation depending on A-side vs. B-side scheduling.

1. Work as part of the global IT security team, collaborating closely with US SOC teams.
2. Perform duties in accordance with departmental guidelines, including real-time and historical analysis using the company's security suite (Endpoint Protection, SIEM, Firewall, EDR, IDS, Email Gateway, Web Content Filtering, NDR, and Identity Management).
3. Conduct incident response triage to assess suspected hosts for ongoing attacks and scope.
4. Review and mentor junior staff to ensure quality and foster career growth.
5. Stay updated on attacker tactics, techniques, and procedures to identify sophisticated threats.
6. Collaborate with SOC, Intelligence, Incident Response, and Enterprise Security teams on investigations and threat hunting.
7. Identify visibility gaps and recommend improvements.
8. Develop and update playbooks, processes, and detection capabilities based on investigation feedback.
9. Coordinate with third-party vendors for advanced forensics, malware reverse-engineering, and host review tasks.
10. Communicate security incident details effectively to business stakeholders and non-technical audiences.
11. Perform additional duties as assigned.

1. At least 5 years of technical experience in security across multiple platforms, operating systems, and network protocols, or equivalent experience.
2. Industry certifications preferred (e.g., CISSP, GCFA, GCIH, GCFE) or related discipline/experience in Computer Science.
3. Familiarity with SOC operations, scheduling, and tools including SIEM, SOAR, and DFIR products.
4. Knowledge of incident response lifecycle and cybersecurity best practices.
5. Understanding of security policies, regulations (e.g., SOX, privacy), and internal controls.
6. Strong analytical, problem-solving, and communication skills.
7. Ability to manage multiple technical projects effectively.
8. Proficiency in Microsoft Office and other relevant software; additional technologies depend on support area.
9. Preferred: Insurance industry knowledge.

We offer a competitive salary range, typically starting at the median based on experience and qualifications. Contractor benefits are available through our third-party employer of record, including Medical, Dental, Vision, and 401k. We are an Equal Opportunity Employer, committed to diversity and inclusion.