Job Description
We're seeking a future team member for the role of Senior SOC Analyst to join our Security Operations Center team. This role can be in Pittsburgh PA or Lake Mary FL.
Schedule:
Sunday-Thursday 1PM - 9 PM Key Responsibilities Lead triage and investigation of security alerts, escalating and coordinating incident response as needed. Perform root cause analysis, scope affected assets, and drive containment, eradication, and recovery. Correlate events across SIEM, EDR, IDS/IPS, firewalls, cloud logs, and identity platforms to identify true positives and reduce false positives. Develop, refine, and maintain SOC playbooks, runbooks, and detection logic aligned to the MITRE ATT&CK
framework. Mentor junior analysts and provide guidance on investigation techniques, documentation standards, and operational best practices. Coordinate with Threat Intelligence to enrich investigations, track adversary TTPs, and proactively hunt for indicators of compromise. Partner with Engineering teams to tune detections, improve log fidelity, and strengthen preventive controls. Create clear, actionable incident reports and executive summaries; contribute to metrics and trend analysis. Support purple team exercises and post-incident reviews to capture lessons learned and drive continuous improvement. Ensure adherence to regulatory and security policies; maintain audit-ready documentation for investigations and incidents. Qualifications 6 and 3; years of experience in a SOC, incident response, or threat detection role, including Tier 2/3 investigations. Advanced proficiency with SIEM (e.g., Splunk, QRadar, Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender), and SOAR platforms. Strong knowledge of network security, Windows/Linux, identity systems, and common cloud logging sources. Hands-on experience with the MITRE ATT&CK
framework, threat hunting, IOC/IOA development, and detection tuning. Demonstrated ability to lead complex incidents, coordinate stakeholders, and communicate clearly under time pressure. Scripting or automation experience (e.g., Python, PowerShell) for investigation enrichment and workflow improvements. Familiarity with NIST CSF/800-61, CIS
Controls, and common regulatory requirements impacting incident response. Excellent documentation skills and an evidence-driven approach to investigations. Preferred Qualifications Relevant certifications:
GCIA, GCED, GCIH, GCFA, GNFA, CISSP, CCSP, or equivalent experience. Experience with ticketing and case management systems (e.g., ServiceNow) and knowledge management practices. Prior experience with threat intel platforms, sandboxing tools, and malware triage is a plus. Work Schedule This role is scheduled Sunday- Thursday 1 PM - 9 PM, to support operational coverage. Occasional flexibility may be required during major incidents or planned exercises
