Security Analyst

A growing organization is seeking a Lead Security Analyst to serve as the senior technical escalation point within its Security Operations Center (SOC). This role focuses on leading complex incident investigations, improving detection capabilities, and advancing automation within modern security operations. Working closely with cloud, identity, application, and data security teams, this position plays a key role in strengthening detection coverage, improving response workflows, and leveraging automation and AI-driven enrichment to increase SOC efficiency. As a senior individual contributor, the Lead Security Analyst helps shape operational strategy while providing hands-on technical leadership during high-impact security events.

Key Responsibilities

• Lead investigation and response efforts for high-severity security incidents, coordinating actions across SOC, IT, cloud, and DevOps teams.
• Perform advanced threat hunting and detection engineering, identifying adversary behaviors and improving detection coverage across endpoint, cloud, identity, and SaaS environments.
• Design and maintain automation and SOAR playbooks to streamline investigations, enrichment, and response actions.
• Support security monitoring across cloud and data environments, including AWS-native security services and CSPM platforms.
• Conduct forensic analysis across multiple telemetry sources to determine root cause, attack paths, and remediation actions.
• Develop and maintain SOC playbooks, incident response procedures, and operational metrics (e.g., MTTD, MTTR, alert trends).
• Partner with security engineering and platform teams to improve logging, detection fidelity, and overall observability.
• Provide technical mentorship and serve as an escalation point for SOC analysts.

Required Qualifications

• 5+ years of experience in cybersecurity operations, incident response, threat hunting, or detection engineering within a SOC environment.
• Strong experience with SIEM platforms (Splunk preferred), including detection development and alert tuning.
• Experience investigating threats across endpoint, cloud, identity, email, and network telemetry.
• Hands-on knowledge of AWS security services such as GuardDuty, Security Hub, Inspector, and Macie.
• Understanding of adversary tactics and techniques using the MITRE ATT&CK framework.
• Experience with automation or scripting (Python, PowerShell, or Bash).
• Familiarity with SOAR platforms and automated response workflows.
• Knowledge of application and API security fundamentals, including OWASP Top 10.
• Strong written and verbal communication skills with the ability to translate technical findings for varied audiences.

Preferred Qualifications

• Experience with web application and API security testing tools (e.g., Burp Suite or similar).
• Familiarity with cloud security posture management (CSPM) platforms such as Wiz.
• Experience integrating AI-assisted enrichment or automation into SOC workflows.
• Engagement in hands-on cybersecurity training platforms such as HackTheBox or TryHackMe.
• Relevant certifications such as GIAC (GCIH, GCFA, GDAT) or CompTIA CySA+.

Compensation: $120,000-135,000
Salary is based on a range of factors that include relevant experience, knowledge, skills, other job-related qualifications.