SOC Analyst /Incident Responder

ABOUT BLACK KITE

Black Kite is the global leader in third-party cyber risk intelligence, trusted by more than 3,000 organizations worldwide. We give security and business leaders a continuous, outside-in view of their entire vendor ecosystem — translating complex cyber, financial, and compliance signals into clear, actionable risk intelligence. We go beyond open standards-based cyber ratings. Black Kite helps organizations make smarter risk decisions, strengthen business resilience, and scale their third‑party cyber risk management programs in an increasingly complex digital environment. Our work has earned consistent recognition from customers and industry analysts alike.

WHY BLACK KITE

We’re a fast-moving, high-impact team solving one of the most critical challenges in cybersecurity today. If you’re looking to do meaningful work alongside sharp, collaborative people — and grow your career in a space that matters — you’re in the right place.

THE OPPORTUNITY

The SOC Analyst / Incident Responder is a mid-level security operations practitioner who owns their work. You will monitor and triage security events, lead incident investigations, execute response activities, and contribute to the continuous improvement of Black Kite's detection and response capability. You report to the SOC Manager and operate with meaningful autonomy on day-to-day security operations. This is not a ticket-routing role. You bring analytical depth to alert investigations, structured thinking to escalations, and proactive energy to threat hunting. You work independently on assigned responsibilities, exercise judgment within established guidelines, and bring the SOC Manager into decisions that warrant it — not for every event.

RESPONSIBILITIES

Security monitoring & alert triage Monitor security events across email, endpoint, network, identity, and data loss prevention systems during assigned coverage windows Triage incoming alerts — distinguish genuine threats from false positives, apply context, and prioritize response actions accordingly Identify anomalous behavior patterns in log and telemetry data that may indicate threats not captured by automated detections Maintain awareness of evolving attack techniques and apply that knowledge to daily detection and triage work Incident response Lead investigation and response for declared security incidents within scope — from initial detection through containment, eradication, and documentation Execute established incident response playbooks accurately and completely; escalate to the SOC Manager when events exceed defined thresholds or require judgment outside the playbook Coordinate with internal stakeholders — legal, operations, HR, and leadership — as appropriate during active incidents Support threat hunting activities, proactively searching for indicators of compromise and undetected adversary activity Conduct digital forensics analysis to support incident investigation and post‑incident review Documentation & reporting Produce thorough, accurate incident reports documenting the full timeline, evidence chain, response actions taken, and recommendations Present findings and case summaries to the SOC Manager and information security leadership on a routine basis Maintain and improve incident handling procedures based on lessons learned from investigations Research emerging threats, attack methods, and digital forensics techniques; share relevant findings with the broader security team Security operations improvement Identify gaps or inefficiencies in detection coverage and alert quality; bring concrete recommendations to the SOC Manager Contribute to the refinement of playbooks, escalation criteria, and response procedures based on operational experience Support Black Kite's security research function with technical review and proofreading of research content

WHAT YOU BRING

2–4 years of hands‑on experience in security operations, incident response, or a closely related technical discipline Solid working knowledge of incident response methodology — identification, containment, eradication, recovery, and post‑incident review Understanding of security architecture and networking fundamentals: TCP/IP, DNS, SMTP, and common attack vectors at each layer Working knowledge of Linux/Unix and Windows operating systems including command‑line proficiency Experience with at least one scripting language — Python or Bash — for log analysis, automation, or investigation support Demonstrated ability to produce clear, structured incident documentation that can be read and understood by auditors and leadership Exercises judgment within defined guidelines — knows when to act, when to elevate, and how to communicate the difference clearly Comfortable working independently in a small, high‑ownership team where initiative is expected

PREFERRED

Prior experience in a SOC, MSSP, or security operations function at a SaaS or cloud‑native company Familiarity with SIEM, DLP, endpoint detection and response, email security, or identity security platforms in an operational context Experience with security assessment tooling — network scanners, vulnerability assessment tools, or forensics platforms Active or in‑progress certification: CompTIA CySA+, GIAC GCIH, CEH, or equivalent Exposure to compliance‑sensitive environments — FedRAMP, SOC 2, or ISO 27001 — where incident documentation quality has audit implications The expected base salary range for this role is $75,000‑85,000 per year. Compensation at Black Kite is more than just base pay — we offer a total rewards program that includes performance‑based bonuses, equity, flexible healthcare options, paid time off, and retirement savings programs. The annual base salary range for this position represents a nationwide market range and reflects a broad spectrum of salaries for this role across the United States. Actual compensation will depend on factors such as qualifications, skills, experience, and the scope, complexity, and location of the role. #J-18808-Ljbffr Blackkite