Job Description:
• Monitor and triage security alerts generated by SIEM, EDR, and security monitoring tools
• Investigate security incidents including phishing, malware, endpoint compromise, and unauthorized access
• Perform root-cause analysis and document incident findings and remediation actions
• Tune SIEM detection rules, alerts, and dashboards to reduce false positives and improve fidelity
• Conduct threat hunting activities using logs from endpoints, networks, cloud platforms, and identity providers
• Respond to security incidents in accordance with established incident response playbooks and SLAs
• Escalate complex or high-risk incidents to Level 3 or Incident Response teams with detailed context and evidence
• Assist with vulnerability management findings and validation of remediation
• Support log ingestion, parsing, normalization, and retention requirements for SIEM platforms
• Maintain accurate case notes, incident reports, and security documentation
• Collaborate with IT, engineering, and security teams to improve overall security posture
Requirements:
• 2+ years of hands-on experience in a SOC, cybersecurity, or security operations role
• Practical experience working with SIEM platforms (Splunk, Microsoft Sentinel, LogRhythm, QRadar, Elastic)
• Experience analyzing logs from endpoints, firewalls, IDS/IPS, cloud, and identity systems
• Familiarity with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender, Datto EDR)
• Understanding of the incident response lifecycle and security alert triage
• Working knowledge of common attack techniques and indicators of compromise (IOCs)
• Experience with the MITRE ATT&CK framework
• Strong documentation and communication skills
• Relevant certifications: Security+, CySA+, SC-200, Splunk Core Certified User
Benefits: