Monitor SIEM, EDR, IDS/IPS, cloud security, and email security alerts for potential threats or abnormal activity.
Triage, validate, and investigate security alerts; identify false positives; escalate or resolve incidents as appropriate.
Perform in-depth analysis of suspicious activity and correlate logs across multiple systems to determine root cause, scope, and impact.
Execute containment and remediation actions such as host isolation, account lockdown, IOC blocking, vulnerability mitigation, and post-recovery validation.
Conduct proactive threat hunting based on threat intelligence, behavioral patterns, or hypothesis-driven analysis.
Support forensic data collection and examination (endpoint artifacts, system logs, cloud audit logs, etc.).
Analyze suspicious files, scripts, URLs, and domains using sandboxing, tooling, and threat intelligence sources.
Recommend and contribute to improvements in SIEM rules, detections, automation workflows, and security playbooks.
Participate in incident response activities, including documentation, communication with stakeholders, and post-incident reviews.
Monitor and maintain the health and accuracy of security tooling, connectors, and log ingestion pipelines.
Help improve security processes, policies, and standards as part of a growing team.
Maintain clear, organized case notes and produce reports when needed.
Opportunity to help shape a growing SOC and influence detection engineering, automation, and incident response processes.
Requirements
1–3+ years of experience in a SOC, incident response, or security operations environment.
Hands-on experience with SIEM, EDR, and cloud security tools (e.g., Microsoft Sentinel, Defender XDR, Splunk, CrowdStrike).
Strong understanding of Windows, Linux, and/or macOS internals; identity security; authentication flows; and network fundamentals (TCP/IP, DNS, HTTP).
Familiarity with the threat landscape, threat intelligence workflows, and MITRE ATT&CK.
Ability to write basic queries or scripts (e.g., KQL, SPL, PowerShell, Python).
Analytical thinker with strong troubleshooting skills and a structured approach to incident handling.
Clear communication skills and the ability to document technical findings concisely and accurately.
A commitment to doing work the right way — following sound processes, documenting thoroughly, and maintaining a high standard for quality and security operations.
A genuine desire to learn, grow, and continuously improve as the environment, tools, and challenges evolve.