Security Operations Analyst, Senior

📋 Description

• • Monitor, analyze, and investigate security threats across enterprise systems and networks to identify anomalies, vulnerabilities, and potential incidents.
• • Triage and respond to security alerts and incidents independently and in collaboration with senior analysts, ensuring timely containment and mitigation of threats.
• • Develop and deliver security reports and metrics to support operational awareness and leadership decision-making.
• • Support internal and external audits by collecting and analyzing evidence, assessing control effectiveness, and ensuring compliance with security frameworks and policies.
• • Track and manage remediation activities, including corrective action plans and audit findings, to ensure timely resolution of security issues.
• • Maintain and enhance security tools, controls, and monitoring capabilities to improve detection and response effectiveness.
• • Develop, implement, and continuously improve threat-informed detection rules and automated response playbooks using SIEM and SOAR platforms, including rule tuning, validation, and optimization based on incident feedback.
• • Monitor and analyze security telemetry from multiple sources including logs, endpoint data, network traffic, and cloud services to detect violations and anomalous behavior.
• • Apply threat intelligence to enhance detection capabilities, situational awareness, and incident response strategies.
• • Identify and support the onboarding and validation of new security telemetry sources to ensure comprehensive visibility across the environment.
• • Collaborate with cross-functional teams including IT, engineering, and compliance to support incident response, remediation, and security improvements.
• • Assist in the evaluation and selection of security technologies and solutions to strengthen detection, monitoring, and response capabilities.
• • Analyze and correlate data across diverse security platforms to identify patterns, root causes, and potential threats.
• • Apply security frameworks such as MITRE ATT&CK to map adversary behaviors and inform detection and response development.
• • Conduct malware analysis, network forensics, and digital forensics investigations; reverse engineering skills are a plus.
• • Utilize scripting languages such as Python and PowerShell to automate analysis, response tasks, and tool integrations.
• • Work shifts and participate in on-call rotations to provide continuous global security monitoring coverage.
• • Serve as a senior technical resource, providing mentorship, guidance, and cross-training to junior analysts to promote consistent standards in analysis, detection, and response.
• • Communicate effectively with both technical and non-technical stakeholders to explain risks, incidents, and remediation efforts.
• • Maintain expertise in operating systems (Windows, Linux, macOS), identity systems (e.g., Active Directory), and network fundamentals (TCP/IP, DNS) as they relate to security monitoring and investigation.
• • Work with endpoint, network, and host-based security tools including EDR, IDS/IPS, firewalls, vulnerability scanners, and host-based detection/prevention systems.
• • Demonstrate experience with cloud security monitoring and native security services across AWS, Azure, Google Cloud, or OCI.
• • Stay current with evolving security threats, tools, and best practices to continuously improve detection logic and response workflows.