Sr SOC Analyst

Sr SOC Analyst

The Senior SOC Analyst is responsible for detection, triage, and response operations across our enterprise. This role blends hands-on incident handling with detection engineering, playbook development, and response automation efforts. This role delivers on alerts and case management, drives resilient detection strategies, and leads hunt efforts that proactively surface threats before they become incidents.

Essential Duties and Responsibilities

• Build and operationalize SOC playbooks and escalation workflows.
• Lead alert triage, enrichment, and false-positive suppression.
• Author detection requirements; write and tune SIEM rules.
• Develop hunt hypotheses; lead hunt programs using advanced elemetry and signals intelligence.
• Design detection strategies across the kill chain; drive enterprise detection strategy.
• Execute incidents end-to-end: containment/eradication, documentation, and communication.
• Conduct post-incident reviews and drive remediation and control improvements.
• Encourage industry collaboration; embed resilient detection engineering practices.
• Advocate and implement automation-first incident response.

Qualifications

• Proven experience in a SOC or equivalent detection & response function and is passionate about high-fidelity detections, repeatable playbooks, and measurable outcomes.
• 3-5 years in Security Operations, Detection & Response, or Incident Handling (SOC experience required).
• Hands-on experience with SIEM (e.g., SecOps, Sentinel, QRadar), EDR (e.g., CrowdStrike, Defender, SentinelOne), and SOAR platforms.
• Proficient in authoring detections, rule tuning, enrichment pipelines, and alert routing.
• Demonstrated capability in building and executing IR playbooks and containment/eradication plans.
• Experience conducting post-incident reviews and RCAs, and delivering corrective action plans to engineering teams.
• Scripting skills (Python/PowerShell/Bash) for automation, enrichment, and data wrangling.
• Excellent written communication for case documentation and executive-ready incident summaries.

Desired Skills and Abilities

• Turns noisy telemetry into actionable signals.
• Is detail-oriented and disciplined in organizing information. Ships repeatable playbooks, maintains clean runbooks, and closes feedback loops.
• Ready to mentor other analysts, set standards for communication and delivery for the SOC.
• Comfortable presenting complex technical information to the CISO or other executive leadership.

Compensation

Competitive salary, commensurate with experience, and a generous benefits package that includes medical, dental, vision, life and disability insurance, paid vacation, and 401k plan.

Working Conditions

Location: Hybrid (This person can be based out of our Dallas/Frisco, TX or Conshohocken, PA Corporate Headquarters)

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Legends Global is an Equal Opportunity/Affirmative Action employer, and encourages Women, Minorities, Individuals with Disabilities, and protected Veterans to apply. VEVRAA Federal Contractor.