Security Operations Center Analyst

Who You’ll Work With

We are seeking a highly motivated and proactive Security Operations Center (SOC) Analyst to join our dynamic, remote cybersecurity team. The ideal candidate is a critical thinker, self-starter, and driven professional with hands-on experience using Crowdstrike or other EDRs. You will play a critical role in monitoring, triaging, and responding to cyber threats across our primarily Mac and Linux environments, with some Windows systems. You will work closely with a collaborative team of fellow SOC analysts, incident responders, threat hunters, and cross-functional partners across IT, engineering, and DevOps to ensure our security posture remains strong. We’re looking for someone who takes ownership, excels in high-pressure settings, and is skilled in writing CrowdStrike Query Language (CQL) (or similar) to create effective detections that protect our organization’s assets.

What You’ll Do

Monitor and triage security alerts.

Build, test, and refine detections to enhance threat identification across Mac, Linux, and Windows systems.

Conduct in-depth analysis of security incidents, including malware, phishing, and advanced persistent threats, leveraging SIEM and EDR capabilities.

Perform proactive threat hunting using the SIEM and EDR features.

Investigate and respond to incidents swiftly, following established incident response protocols.

Document findings clearly and provide actionable remediation recommendations.

Collaborate with cross-functional teams to strengthen security controls and mitigate vulnerabilities.

Stay current on emerging threats, vulnerabilities, and industry trends through self-directed learning.

Participate in on-call rotation for 24x7x365 SOC coverage, demonstrating reliability and accountability.

Escalate confirmed or suspicious incidents and cases to the Incident Response team.

Qualifications

4-5+ years in a SOC and or active participant on incident response teams.

Hands-on experience with CrowdStrike (or other EDR), triaging security incidents.

Proven ability to write CQL (or similar) queries and build detections for threat monitoring.

Experience triaging alerts in a high-volume environment.

Experience with threat intelligence feeds, platform and OSINT tools (VirusTotal, etc.)

Familiarity with forensic analysis and evidence handling.

Skills and Attributes :

Exceptional critical thinking and analytical skills to address complex security challenges.

Self-starter with a proven ability to take initiative and deliver results independently.

Driven mindset, thriving in fast-paced, high-pressure remote work environments.

Strong understanding of cybersecurity principles, threat landscapes, and attack vectors.

Proficiency in analyzing logs, network traffic, and endpoint data using CrowdStrike Next-Gen SIEM, particularly for Mac and Linux systems (Windows experience a plus).

Solid knowledge of incident response processes and methodologies.

Familiarity with operating systems, with primary expertise in Mac and Linux, and secondary knowledge of Windows.

High attention to detail and ability to make sound decisions under pressure.

Demonstrated commitment to continuous learning and professional development in cybersecurity.

Nice-to-Have :

Write and optimize detections to detect and investigate security events.

Proficiency in scripting (e.g., Python) for automating SOC workflows.

Experience creating playbooks in Crowdstrike Fusion SOAR (or similar SOAR)

Knowledge of cloud security (GCP, AWS, and or Azure).

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).