Job Title:
Security Operations Center Analyst
Company: Insight Global
Location: Arlington Heights, IL
Created: 2026-05-09
Job Type: Full Time
Job Description:
Type: Direct Hire
Work Location: Fully Onsite
Shift: 1st shift - 8am - 4pm CST OR 2nd shift - 4pm - midnight CST. Must be willing to be on a rotating shift to work occasional weekends.

Requirements:
- 2-4 years of experience as a SOC or Incident Response Analyst
- Knowledge of security frameworks and standards (e.g., NIST, ISO 27001)
- Proficiency in cybersecurity EDR and SIEM tools, including CrowdStrike and Splunk
- Experience in dealing with Phishing/Email Threats, Web Application/WAF Events and Incident Response

Nice to Have:
- Bachelor's Degree in Cybersecurity, Computer Science, or related field, or equivalent experience
- Hands-on exposure to email quarantine workflows and user-reported phishing queues
- Exposure to WAF (security configs/policies, bot manager insights, anomaly logs, false-positive review)
- ITIL Foundations and ticketing platforms (e.g., ServiceNow/Jira)
- Security certifications (e.g., Security+, CySA+, SSCP) or equivalent coursework/labs

Job Description:
The SOC Analyst I is a junior/associate level, customer-facing role responsible for 24x7 monitoring, initial triage, and escalation of security events. The analyst helps protect the organization by reviewing alerts, investigating suspicious activity, executing documented playbooks, and supporting incident response activities.
This role focuses on day-to-day security operations across multiple domains such as network, endpoint, email, and application security, while contributing to the continuous improvement of SOC processes, documentation, and incident handling practices.

Security Monitoring & Triage (60%)
- Monitor SIEM/SOAR and security tool queues for alerts; perform initial triage, enrichment, and severity classification.
- Investigate email-borne threats (phishing, malware, BEC indicators) using consoles and reports; quarantine/contain per playbooks.
- Review WAF events (rules, thresholds, bot activity, anomalies), validate true/false positives, and escalate as needed.
- Document every action, observation, and decision in ticketing systems with clear, reproducible notes.

Incident Response Support (25%)
- Execute first-responder steps for high-fidelity alerts (isolation requests, account lockouts, message recalls, URL detonation, basic IOC searches).
- Follow escalation paths to Incident Handlers/Engineers; participate in incident bridges and provide timely updates.
- Preserve evidence (artifacts, timelines) and support post-incident review with accurate case documentation.

Operational Hygiene & Improvement (10%)
- Maintain and improve playbooks/runbooks (email phishing, malware detonation, WAF false-positive handling, brute-force patterns).
- Assist with routine health checks of SOC tools, dashboard hygiene, and alert tuning recommendations.
- Contribute to automation opportunities and knowledge base articles.

Collaboration & Communication (5%)
- Communicate clearly with senior analysts, engineers, and stakeholders; provide concise status and handoffs across shifts.