Remote Security Analyst jobs – Full‑Time Senior Position in Crown Point, Indiana – SIEM, SOC, $95k‑$115k Salary, Remote Work

Remote Full-time
We’re a midsize, privately‑owned security services firm that grew from a garage startup in Crown Point, Indiana to a trusted partner for over 250 enterprise customers across North America. Our headquarters sit in a converted warehouse in downtown Crown Point, Indiana, but the heartbeat of our Security Operations Center (SOC) is the people who log in from kitchens, coffee shops, and home offices.

### Why this role exists now

In the last 12 months we saw a 38 % jump in ransomware attempts targeting the healthcare and financial sectors—two of our biggest verticals. Our clients asked for faster detection, tighter containment, and more proactive threat hunting. To meet that demand we’ve expanded the SOC from ten to twelve analysts and added a new “Threat Intelligence Integration” stream that requires senior talent who can own end‑to‑end alert life cycles. We’re also rolling out a multi‑cloud SIEM migration from Splunk Enterprise to Azure Sentinel, and we need people who can bridge those platforms while keeping the day‑to‑day monitoring running smoothly.

That’s why we’re hiring a Remote Security Analyst today, with a base salary between $95 k and $115 k, plus quarterly performance bonuses, to work full‑time from anywhere in the United States—but with a strong connection to our home base in Crown Point, Indiana.

### A day in the life (the human side)

“I still remember the night a spoofed email slipped past our filters and landed in a CFO’s inbox. We barely had ten minutes to lock the account, run a forensic capture, and coordinate with legal before the attacker tried to move funds. The adrenaline, the teamwork, and the fact that we saved a $2 million transaction—that’s what keeps me up at 3 a.m. and makes every alert worth it.” – Jordan, senior SOC manager

Your day will start by logging into our centralized dashboard (Azure Sentinel) and reviewing the overnight queue. On an average week we process roughly 2,500 alerts, triage about 92 % within the first 30 minutes, and resolve or escalate the remaining 8 % after deeper investigation. You’ll spend 60 % of your time on Tier‑1 and Tier‑2 triage, 25 % on threat hunts (think “hunt‑the‑unknown” using Elastic Search and OSQuery), and 15 % on post‑incident reviews and documentation.

When a high‑severity incident hits—say a credential‑stuffing attack or a malicious PowerShell chain—you’ll lead the response, coordinate with our engineering team, and keep the client updated in real time. After the incident, you’ll write a concise “lessons learned” brief that feeds into our continuous improvement loop.

### Who we’re looking for

- Experience: At least 4 years in a SOC or cyber‑defense role, preferably with a focus on incident response, threat hunting, or security monitoring.
- Certifications: CEH, GCIH, or CISSP are a plus; we value proven skill more than paper, but a current cert shows commitment.
- Technical chops: Comfortable using Splunk, Azure Sentinel, Elastic Stack, Wireshark, and command‑line tools on both Windows and Linux. Python (or PowerShell) scripting for automation is expected.
- Analytical mindset: Ability to distinguish signal from noise in a sea of alerts, and to ask “what’s the attacker’s next move?” before the next alert even appears.
- Communication: You’ll need to translate technical findings into plain‑English summaries for executives and for clients who are not security‑savvy.
- Team spirit: Our SOC runs on collaboration—peer reviews, shared “playbooks,” and daily stand‑ups at 9 a.m. EST (the time zone of Crown Point, Indiana).

If you’ve spent evenings on CTFs, contributed to open‑source security tools, or built a personal lab to replay attacks, you’ll fit right in.

### What you’ll own

1. Alert triage & escalation – Review incoming alerts from SIEM, IDS/IPS, and cloud logs; determine severity, assign owners, and drive incidents to resolution.
2. Threat hunting – Design and execute hypothesis‑driven hunts using Elastic Kibana, OSQuery, and custom Python scripts; surface hidden threats that evade traditional detection.
3. Incident response – Lead initial containment, evidence collection, and eradication steps; coordinate with engineering to apply fixes and with legal for compliance.
4. Playbook development – Write, test, and maintain detection and response playbooks for ransomware, credential abuse, insider threat, and supply‑chain attacks.
5. Metrics & reporting – Track key performance indicators (MTTR, false‑positive rate, detection coverage) and present monthly scorecards to leadership.
6. Mentorship – Provide guidance to junior analysts, conduct “shadow‑the‑analyst” sessions, and help onboard new hires remotely.

### Tools you’ll work with (our stack)

- SIEM: Azure Sentinel (primary), Splunk Enterprise (legacy)
- Log aggregation: Elastic Stack (Elasticsearch, Logstash, Kibana)
- Endpoint detection: CrowdStrike Falcon, Microsoft Defender for Endpoint
- Network monitoring: Zeek, Wireshark, Palo Alto Panorama
- Vulnerability scanning: Tenable Nessus, OpenVAS, Qualys Cloud Platform
- Automation & scripting: Python 3.x, PowerShell 7, Bash, Ansible for playbook orchestration
- Ticketing: ServiceNow (ITSM) and JIRA (incident tracking)
- Collaboration: Slack (with SOC channels), Confluence for documentation, Miro for visual incident timelines
- Cloud platforms: Azure, AWS (CloudTrail, GuardDuty) – we’re expanding into GCP next quarter

### The team you’ll join

Our SOC is a close‑knit crew of 12 analysts, split into three shifts to provide 24/7 coverage. The senior analysts (including you) act as both technical leads and mentors. We have two dedicated “Threat Intel” liaisons who feed us the latest IOCs from open‑source feeds and commercial feeds like Recorded Future. The engineering side consists of six security engineers who build custom parsers and detection rules.

A typical rotation looks like this:

- Morning (9 a.m.–12 p.m., EST) – Stand‑up, review overnight incidents, assign tickets, and share any new IOCs from the intel team.
- Midday (12 p.m.–3 p.m.) – Deep‑dive investigations, threat hunting sessions, and playbook revisions.
- Afternoon (3 p.m.–6 p.m.) – Knowledge transfer, mentorship, and prepping for the hand‑over to the night shift.

Even though most of us are remote, we gather twice a year for an in‑person “SOC Summit” at our office in Crown Point, Indiana. Those trips are a mix of technical workshops, team‑building hikes in the nearby hills, and a night of pizza that turns into an impromptu karaoke session.

### Why Crown Point, Indiana matters to us

Our roots in Crown Point, Indiana give us a perspective that blends Midwestern reliability with a tech‑forward mindset. The community’s emphasis on work‑life balance influences how we structure our shifts: we try to keep night‑shift alerts low, so analysts can enjoy evenings with family. The cost of living here allows us to offer competitive salaries while keeping remote staff comfortable, regardless of where they live. You’ll find us mentioning Crown Point, Indiana in our internal newsletters, in client case studies (e.g., “A Crown Point, Indiana‑based health system reduced ransomware dwell time by 73 %”), and even in the occasional Slack channel meme about the city’s famous chili.

### What you’ll get out of this role

- Salary: $95 k–$115 k base, paid bi‑weekly, with a performance‑linked quarterly bonus up to 12 % of base.
- Benefits: 100 % employer‑paid health, dental, and vision; 401(k) match up to 5 %; generous PTO (20 days + federal holidays) plus “mental‑health days.”
- Learning budget: $2 k per year for certifications, conferences (Black Hat, SANS, RSA), or online courses—no need to ask for approval.
- Equipment: High‑end laptop (MacBook Pro or Dell XPS), dual monitors shipped to your home, a $250 monthly stipend for internet/phone.
- Remote‑first culture: Flexible schedule, async communication when possible, and a “no‑camera‑required” policy for meetings.
- Career path: Clear ladder from Analyst → Senior Analyst → SOC Lead → Security Operations Manager, with transparent promotion criteria based on metrics and peer feedback.

### How we measure success

- Mean Time to Detect (MTTD) – target ≤ 5 minutes for high‑severity alerts.
- Mean Time to Respond (MTTR) – target ≤ 30 minutes for containment steps.
- False‑positive rate – maintain ≤ 8 % after tuning detection rules.
- Threat‑hunt ROI – at least one new detection rule per quarter derived from a successful hunt.

Your quarterly review will include a data‑driven scorecard, a peer feedback session, and a one‑on‑one with the SOC manager to discuss growth opportunities.

### The human moment (again)

“When I first joined the team, I was juggling a newborn, a dog, and a night‑shift schedule. The crew sent me a surprise “Welcome Kit” with a custom mug that said ‘Secure the Night, Sleep the Day’ and a handwritten note from the engineering lead in Crown Point, Indiana. That small gesture reminded me that even in a remote‑first world, we’re still a family.” – Maria, Junior Analyst

### Application process

1. Submit your resume via our career portal (link below).
2. Complete a short technical questionnaire (10 minutes) focusing on SIEM query writing and incident‑response scenarios.
3. Phone screen with our HR partner – expect questions about your remote work setup and how you stay motivated.
4. Live technical interview (90 minutes) with two senior analysts: one focused on triage, the other on hunting. You’ll walk through a real‑world case study (no live hacking, just log analysis).
5. Final conversation with the SOC manager (30 minutes) to discuss culture fit, career aspirations, and any questions you have about working with our team in Crown Point, Indiana.

We aim to complete the process within three weeks; if you’re selected, you’ll receive an offer letter, equipment list, and an onboarding plan the same day.

### Final thoughts

If you thrive on turning noisy alerts into actionable insight, love hunting the hidden corners of a network, and want to be part of a team that values both technical excellence and genuine human connection, we’d love to hear from you. Our doors (virtual and physical in Crown Point, Indiana) are open, and the next wave of cyber threats won’t wait—so neither should you. Ready to secure tomorrow, today? Click “” and let’s start the conversation.