Sr. SOC Analyst

Company: Tata Consultancy Services

Location: Milford, CT 06460

Description:

Roles & Responsibilities

Security Incident Response & Threat Management
  • Lead incident response efforts by validating, triaging, and escalating security alerts from multiple sources (XDR, SIEM, Proofpoint, MSSP).
  • Investigate unresolved malware alerts in XDR and ensure proper remediation workflows are followed.
  • Conduct AWS detection monitoring gap analysis to improve coverage of cloud-based security threats.
  • Investigate DNS lookup failures, authentication anomalies, and escalation alerts to prevent security incidents.

Security Automation & MSSP Integration
  • Overhaul and maintain the SOAR platform (Barricade) to improve automated response workflows and integrate new use cases.
  • Complete TSI (Threat Signal Integration) API integration with ServiceNow to streamline MSSP alerts and ensure alerts are pre-reviewed before ticket escalation.
  • Collaborate with the MSSP (Cyderes) to ensure escalations and detections are properly handled and fine-tuned.

SIEM & Security Data Onboarding
  • Onboard and manage new data sources in Splunk, ensuring proper normalization and parsing of security logs.
  • Review and optimize firewall rule logging to balance security visibility and cost-effective Splunk licensing.
  • Create and refine security monitoring use cases in Splunk, Cortex XDR, Proofpoint, and Akamai.
  • Develop Akamai logging and security use cases to detect web-based threats and improve attack visibility.

Salary Range: $100,000 - $110,000 base salary per year
