SOC Analyst

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.

As a SOC Analyst within RSM Defense, you play a key role in monitoring, investigating, and responding to security events across a diverse managed security services environment. You will analyze alerts, validate potential threats, support incident response activities, and help strengthen detection capabilities across endpoint, identity, cloud, and network telemetry. You'll work closely with senior analysts, detection engineers, and response teams to ensure highquality service delivery and continuous improvement of SOC operations.

Key Responsibilities

Security Monitoring, Investigation & Incident Response

• Conduct investigations across endpoint, network, cloud, and identity telemetry to validate alerts and identify malicious activity.
• Perform initial and midtier analysis, document findings, and escalate complex cases to senior analysts as needed.
• Support incident response activities by gathering evidence, reconstructing timelines, and contributing to root cause analysis.
• Assist in developing incident summaries and clientready documentation.

Detection Support & Content Validation

• Identify false positives, tuning opportunities, and detection gaps during investigations.
• Collaborate with Detection Engineering by providing feedback on rule performance and emerging patterns seen in telemetry.
• Participate in validating new detections before they are deployed into production.

SOAR & Workflow Optimization

• Use SOAR tools to execute automated enrichment, triage steps, and response actions.
• Flag repetitive tasks or bottlenecks that may benefit from automation improvements.
• Validate automated playbook behavior and ensure alignment with SOC escalation procedures.

AIAssisted Analysis

• Leverage AI copilots and enrichment tools to support triage, log interpretation, and case documentation.
• Follow established prompt templates and qualitycheck AIgenerated outputs for accuracy.
• Provide feedback on AI performance and identify opportunities to improve SOC workflows.

Threat Hunting & Proactive Analysis

• Participate in hypothesisdriven and intelligenceled hunts by reviewing artifacts, anomalies, and suspicious activity.
• Recommend potential hunt ideas based on recurring alert patterns or telemetry observations.
• Help ensure hunt findings translate into improved detections or instrumentation.

Collaboration, Documentation & Continuous Improvement

• Maintain clear, accurate case notes and technical documentation.
• Contribute to SOC runbooks, knowledge articles, and internal process improvements.
• Collaborate with peers to share insights, improve consistency, and strengthen overall SOC performance.

Required Qualifications

• Handson experience with SIEM/EDR/XDR platforms and comfort analyzing logs and alerts.
• Familiarity with the incident response lifecycle and basic root cause analysis.
• Understanding of NIST 800171/172, CMMC, or similar compliance frameworks.

Preferred Qualifications

• Bachelor's degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience).
• 1-3+ years of experience in a SOC, security operations, incident response, or related role.
• Certifications such as Security+, CySA+, GSEC, or similar.
• Experience with Splunk, Elastic, Sentinel, or other searchbased platforms.
• Knowledge of MITRE ATT&CK.
• Exposure to scripting or automation tools is a plus.

Key Attributes

• Curious, analytical, and eager to learn.
• Strong communicator with solid documentation habits.
• Able to work effectively in a fastpaced, collaborative SOC environment.

At RSM, we offer a competitive benefits and compensation package for all our people.We offer flexibility in your schedule, empowering you to balance life's demands, while also maintaining your ability to serve clients.Learn more about our total rewards at

All applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender; sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership.RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at View phone number on click.appcast.io or send us an email at View email address on click.appcast.io.

RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or similar role to the one for which you are applying, excluding internships, you may be eligible for hire as an experienced associate.

RSM will consider for employment qualified applicants with arrest or conviction records. For those living in California or applying to a position in California, please click here for additional information.

At RSM, an employee's pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.