Security Operations Center Analyst

Security Incident Response & Threat Management

• Lead incident response efforts by validating, triaging, and escalating security alerts from multiple sources (XDR, SIEM, Proofpoint, MSSP).
• Investigate unresolved malware alerts in XDR and ensure proper remediation workflows are followed.
• Conduct AWS detection monitoring gap analysis to improve coverage of cloud-based security threats.
• Investigate DNS lookup failures, authentication anomalies, and escalation alerts to prevent security incidents.

Security Automation & MSSP Integration

• Overhaul and maintain the SOAR platform (Barricade) to improve automated response workflows and integrate new use cases.
• Complete TSI (Threat Signal Integration) API integration with ServiceNow to streamline MSSP alerts and ensure pre-reviewed alerts before ticket escalation.
• Collaborate with the MSSP (Cyderes) to ensure escalations and detections are properly handled and fine-tuned.

SIEM & Security Data Onboarding

• Onboard and manage new data sources in Splunk, ensuring proper normalization and parsing of security logs.
• Review and optimize firewall rule logging to balance security visibility and cost-effective Splunk licensing.
• Create and refine security monitoring use cases in Splunk, Cortex XDR, Proofpoint, and Akamai.
• Develop Akamai logging and security use cases to detect web-based threats and improve attack visibility.

Job Type: Full-time

Pay: Up to $115,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance
• Vision insurance

Compensation Package:

• Bonus opportunities
• Quarterly bonus

Schedule:

• Day shift
• Monday to Friday

Work Location: In person

Salary : $115,000