Cybersecurity Analyst – SOC Operations

Overview

The Cybersecurity Analyst will serve as a member of the Security Operations Center (SOC) within the IT Security team. This role is responsible for monitoring, investigating, and responding to cybersecurity events across a hybrid enterprise environment consisting of both on-premises and cloud-based infrastructure.

This position focuses heavily on security operations, threat detection, incident triage, and response activities. The analyst will work escalated Tier II / III security incidents received from the organization’s Managed Detection & Response (MDR) provider and internal monitoring platforms, while partnering closely with Infrastructure, Cloud, and Security Engineering teams to support enterprise-wide security operations and continuous improvement initiatives.

Key Responsibilities

• Monitor, investigate, and respond to security alerts and incidents generated by SIEM, EDR, NDR, MDR, and cloud-native security platforms
• Perform event triage, validation, threat analysis, and incident classification for escalated Tier II / III security events
• Execute and coordinate incident response activities including containment, investigation, remediation, and recovery efforts
• Analyze security events across hybrid enterprise environments including on-premises infrastructure, endpoints, servers, identity systems, and cloud platforms
• Review cloud security alerts, audit logs, and telemetry to support Cloud Detection & Response (CDR) operations
• Assist with tuning and improving enterprise security monitoring, alert correlation, log collection, and detection quality
• Collaborate with Security Engineering, Infrastructure, and Cloud teams to strengthen monitoring coverage and improve SOC operational workflows
• Support automation and process improvement initiatives related to threat detection and incident response
• Document security incidents, investigations, response actions, and operational procedures in accordance with established security processes
• Assist with operational reporting, security metrics, incident trending, and leadership-facing security summaries
• Maintain awareness of evolving cyber threats, attack techniques, and industry best practices relevant to enterprise and cloud security operations

Required Qualifications

• College degree, technical training, or equivalent professional experience preferred
• Security-related certifications preferred (CompTIA Security+, CySA+, GIAC, GSEC, GCIH, or similar)
• 3+ years of experience in a cybersecurity, SOC, or security operations role
• Prior experience supporting enterprise environments across servers, endpoints, networks, or cloud infrastructure
• Experience operating within hybrid environments consisting of both on-premises and cloud technologies
• Familiarity working with MDR providers and escalated security incident workflows preferred
• Participation in professional cybersecurity organizations or communities is a plus (ISSA, ISACA, InfraGard, ISAC/ISAO, etc.)

Desired Technical Skills

• Security event monitoring and alert triage
• Incident response and threat investigation
• SIEM platforms and security log analysis
• Endpoint Detection & Response (EDR) technologies
• Network Detection & Response (NDR) concepts
• Cloud security monitoring and Cloud Detection & Response (CDR)
• Security alert correlation and detection rule tuning
• Knowledge of hybrid identity and enterprise authentication environments
• Understanding of modern attacker tactics, techniques, and procedures (TTPs)
• Strong analytical, troubleshooting, and problem-solving skills
• Strong written and verbal communication abilities
• Ability to operate effectively within a collaborative SOC and incident response environment