Security Operations (SecOps) Analyst

Paris, France


Position Overview

We are seeking a Security Operations Analyst to monitor, detect, and respond to cybersecurity threats through advanced SIEM platforms, automated response workflows, and comprehensive security operations center (SOC) activities, ensuring 24/7 protection of organizational assets and rapid incident response capabilities.

Key Responsibilities

SIEM Platform Management

  • Monitor and analyze security events using SIEM platforms including Rapid7 InsightIDR, Splunk, QRadar, and Microsoft Sentinel

  • Configure detection rules, correlation policies, and custom dashboards for threat identification

  • Tune SIEM alerts to reduce false positives and improve detection accuracy

  • Manage log ingestion, parsing, and retention policies across diverse security data sources

  • Perform threat hunting activities using SIEM query languages and analytical capabilities

Security Alert Analysis & Investigation

  • Conduct real-time analysis of security alerts and prioritize incidents based on risk and impact

  • Investigate suspicious activities, malware infections, and potential data breaches

  • Perform initial incident triage and escalate critical threats to senior analysts and incident response teams

  • Document investigation findings and maintain detailed case management records

  • Correlate security events across multiple platforms to identify attack patterns and campaigns

SOAR Implementation & Automation

  • Develop and maintain Security Orchestration, Automation, and Response (SOAR) playbooks

  • Automate routine security tasks including alert enrichment, containment actions, and notification workflows

  • Design automated response procedures for common security incidents and attack vectors

  • Configure integration between SOAR platforms and security tools for seamless workflow execution

  • Measure and optimize automation effectiveness and response time improvements

Security Operations Center Support

  • Provide 24/7 SOC monitoring and first-line incident response capabilities

  • Maintain security operations documentation including runbooks, procedures, and escalation matrices

  • Support security awareness initiatives and provide feedback on security tool effectiveness

  • Collaborate with threat intelligence teams to integrate IOCs and threat feeds into detection systems

  • Generate security metrics, KPIs, and executive reporting on security operations performance

Required Qualifications

Technical Skills

  • 6+ years' experience in security operations center (SOC) or security monitoring roles

  • Expert proficiency with SIEM platforms (Rapid7 InsightIDR, Splunk, IBM QRadar, Microsoft Sentinel)

  • Strong experience with SOAR platforms (Phantom, Demisto, Swimlane) and automation development

  • Knowledge of security technologies including EDR, NDR, IDS/IPS, and threat intelligence platforms

  • Understanding of network protocols, log analysis, and security event correlation techniques

  • Proficiency in scripting languages (Python, PowerShell) for automation and custom integrations

Security Skills

  • Strong understanding of cybersecurity frameworks (NIST, MITRE ATT&CK) and threat landscapes

  • Experience with incident response procedures and forensic investigation techniques

  • Knowledge of malware analysis, threat hunting, and behavioral analytics

  • Understanding of compliance requirements and security audit processes

Preferred Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, or a related field

  • Security certifications (Security+, CySA+, GCIH, GCFA, CISSP)

  • Experience with cloud security monitoring (AWS CloudTrail, Azure Security Center, GCP Security Command Center)

  • Background in network security, endpoint protection, and vulnerability management

  • Knowledge of DevSecOps practices and security tool integration


Region: Europe
Country: France
