Security Operations Center Analyst, L1 or L2

Vaco is partnering with a nationally recognized retail organization to build out its Security Operations Center as part of a broader cybersecurity maturity initiative. This team supports enterprise security across corporate systems, retail operations, and cloud-heavy environments.

These contract roles will sit within a growing SOC organization focused on strengthening detection, response, vulnerability management, and data protection capabilities. The environment includes MDR, EDR, SIEM, SOAR automation, vulnerability management tooling, and DLP programs aligned to frameworks such as NIST and CIS.

This position is based in Tempe, Arizona and requires in-office presence Monday through Thursday. Fridays are optional remote days.

Level will be determined based on experience. Opportunities to extend and/or convert are on the table as well. This role is not open for C2C engagements. 

What You’ll Be Doing

• Monitor security events and alerts across SIEM, MDR, and EDR platforms

• Investigate, triage, and escalate security incidents in accordance with established playbooks

• Support incident response activities including containment, eradication, and recovery efforts

• Document findings and contribute to post-incident reviews and lessons learned exercises

• Assist with vulnerability management efforts including validation, prioritization, and remediation tracking

• Partner with infrastructure and application teams to support timely patching and risk mitigation

• Contribute to DLP monitoring and investigation of potential data exfiltration events

• Participate in SOC workflow refinement and continuous improvement initiatives

• Support the development and tuning of detection rules and automation within SOAR platforms

• Maintain accurate case documentation and metrics for reporting and compliance alignment

Required Experience

L1 Expectations

• 1+ years of experience in a SOC, incident response, or cybersecurity operations role

• Hands-on experience working with SIEM platforms and alert triage

• Familiarity with EDR and endpoint security tools

• Understanding of common attack vectors and incident response fundamentals

• Strong documentation and communication skills

L2 Expectations

• 3+ years of cybersecurity operations experience

• Proven experience handling complex investigations independently

• Experience tuning detection rules and improving alert fidelity

• Strong understanding of vulnerability management processes

• Familiarity with SOAR automation workflows

• Experience operating in cloud-based environments such as AWS, Azure, or GCP

For both levels:

• Working knowledge of frameworks such as NIST, CIS Controls, PCI, SOX, or CCPA

• Ability to operate effectively during high-pressure, time-sensitive incidents

• Strong analytical and critical thinking skills

Nice to Have

• Experience in SaaS-heavy or multi-cloud environments

• Exposure to DLP tools and data classification programs

• Scripting experience in Python, PowerShell, or similar

• Industry certifications such as Security+, CySA+, GCIH, or similar

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan. Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filing for is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be otherwise assessed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.