SOC Analyst

SOC Analyst

Direct hire role. Preferably based in one of the following areas: Fresno / Albany / Charlotte, but strong candidates from other locations will be considered for fully remote. No 3rd parties please, no sponsorship.

Summary

The SOC Analyst monitors and triages security alerts across endpoint, identity, email, network, and cloud telemetry. This role is responsible for accurate alert investigation, timely escalation, and thorough documentation of actions taken and results observed. The SOC Analyst works within defined playbooks while contributing to detection quality improvements through feedback, tuning recommendations, and identification of recurring gaps.

Responsibilities

• Monitor SIEM/EDR and related security tooling for alerts, anomalies, and indicators requiring investigation.
• Perform alert triage: validate signal quality, identify affected entities, assess scope, and determine next steps per playbooks.
• Investigate endpoint and identity activity (Windows/macOS, Entra ID/Azure AD, Microsoft 365) and correlate with network/email telemetry as available.
• Execute initial containment actions when authorized (e.g., isolate host, disable account, revoke sessions/tokens) following documented procedures and approval gates.
• Escalate suspected incidents to incident response resources with clear summaries, supporting artifacts, and recommended next actions.
• Maintain complete case notes and evidence references: sources reviewed, queries executed, timestamps, and observed results.
• Support client communications through status updates aligned to SLAs and internal escalation standards.
• Assist with detection engineering feedback loops: identify false positives, propose tuning, and document root causes of noisy alerting.
• Contribute to knowledge base/playbook maintenance: update procedures based on outcomes, new detections, and tooling changes.
• Participate in shift handoffs using standardized formats to maintain continuity and accountability.

Requirements

• 2+ years of experience in a SOC, MSSP, IR support, or security analyst role (or equivalent demonstrated experience).
• Familiarity with alert triage workflows and ticketing/case management (e.g., Jira, ServiceNow, Halo, etc.).
• Working knowledge of common log sources and telemetry: EDR, Windows Event Logs, firewall/proxy, DNS, email security, cloud audit logs.
• Comfort with investigative querying in at least one platform (SIEM, EDR, or log analytics tool) and ability to document queries and results.
• Understanding of attacker tradecraft basics (MITRE ATT&CK concepts, common persistence and credential access patterns).
• Strong written communication and documentation discipline; ability to produce clear incident notes without speculation.
• United_States Citizen, based in the US

Preferred

• Experience with one or more of: Microsoft Sentinel, Splunk, Elastic, QRadar, CrowdStrike, Microsoft Defender for Endpoint, SentinelOne.
• Microsoft 365 / Entra ID (Azure AD) investigation experience (sign-in risk, conditional access context, mailbox rules, OAuth app activity).
• Basic scripting/automation familiarity (PowerShell, Python) for enrichment and repeatable triage steps.
• Experience supporting managed security services with SLAs and defined escalation paths.