SOC Resource - Security Analyst 4 roles

SOC Resource - Security Analyst 4 roles

Remote contract for 6-12 months

Someone in Nearshore to US - preferably south of the US

Start Date: As soon as possible.

Coverage Goal: True 24x7 SOC coverage

Scheduling Flexibility:

• Initially aligned to EST / New York business hours.
• Resources will gradually be rotated into evening/weekend shifts based on gaps.
• Onboarding can be staggered

We are seeking four contract Security Analysts to restore full 24x7 Security Operations Center (SOC) coverage through the end of 2025.

This is a temporary, operational support engagement designed to sustain the security function during the transition period.

These analysts will be responsible for core SOC functions, with a strong focus on Incident Response including detection, triage, containment, remediation, and post-incident reporting.

Candidates must be capable of managing incidents end-to-end and interfacing with both internal and external stakeholders as needed.

Beyond incident response, the role includes contributing to day-to-day security administration across systems such as CrowdStrike, Microsoft Entra, Duo, and Cisco Umbrella.

Analysts are expected to identify and act on opportunities to improve the overall security posture.

All four resources will report into the SOC and be functionally managed by Michael Burgher.

Strong communication skills, the ability to work independently, and a proactive mindset are essential.

All four should be Mid-Level Analysts, capable of operating with moderate oversight and executing core SOC functions effectively.

Ideally, our preference would be for one of them to be a Senior Analyst who can act as a lead, a technical escalation point for the other three and can fully manage incidents end-to-end.

KEY RESPONSIBILITIES

All analysts will be expected to:

• Monitor, triage, and respond to security alerts.
• Lead or assist with incident management from detection through resolution.
• Conduct post-incident analysis and create clear, professional incident reports and postmortems.
• Investigate anomalies and suspicious behavior (e.g., login anomalies, access violations).
• Interface with external teams during live incidents, including on calls.
• Handle patch and vulnerability remediation, especially for gaps not covered by automated tools.

REQUIRED SKILL SET

• CrowdStrike EDR: Investigation, alert triage, threat hunting.
• Core Security Mechanisms in Windows: The IT environment is primarily windows. Candidates should have functional knowledge of core windows security mechanisms.

o Security Principals and Security Identifiers

o Access Tokens

o Security Descriptors, DACLS/Discretionary Access Control, Access Control Entries (ACEs)

o Windows Privileges

o Kerberos and NTLM

• OS & Core Platform Skills: o Windows security administration.

o Linux OS security administration. This is a much small part of the environment and less critical. Basic Linux skills are sufficient.

o Basic scripting or automation skills (e.g., PowerShell, Python).

• Network & Identity: o Microsoft Entra ID (formerly Azure AD), including role-based access, MFA, SSO troubleshooting.

o Familiarity with Cisco Duo or Microsoft MFA systems.

o Basic knowledge of SSO (SAML) and troubleshooting auth integrations.

DESIRED SKILLS

• DNS Security, preferably Cisco Umbrella.
• Familiarity with Palo Alto firewalls and general network security principles.
• Experience with log aggregation and monitoring platforms (e.g., Zabbix, ELK).
• Experience with vulnerability management workflows.
• Familiarity with Tanium and manual patching or software remediation.