Senior SOC Analyst

Cybersecurity Advisors Network (CyAN)

full-time

Location Type: Remote

Location: United States

Salary

💰 $90,000 - $120,000 per year

About the role

  • Lead deep-dive investigations across SIEM/EDR, cloud, and network telemetry; build timelines and determine scope and impact
  • Perform advanced analysis of endpoint activity, authentication/identity events, email telemetry, and network artifacts to identify attacker TTPs
  • Drive case direction by forming and testing hypotheses; identify containment and remediation actions with clear rationale
  • Provide clear, actionable technical updates and risk-based recommendations to technical and nontechnical audiences
  • Conduct root cause analysis and contribute to post-incident reviews; ensure corrective actions and detection improvements are tracked to completion
  • Develop and maintain detection content (KQL/SPL/Sigma) and associated response playbooks; validate efficacy through testing and tuning
  • Perform proactive threat hunting using known IOCs, behavioral analytics, and threat intelligence; document hunt hypotheses and outcomes
  • Design or request SOAR/automation improvements to reduce time-to-triage and improve consistency (enrichment, containment workflows, reporting)
  • Mentor and coach SOC Analysts; provide structured feedback on investigations, ticket quality, and incident handling
  • Establish and reinforce documentation standards, severity classification consistency, and investigation methodologies
  • Deliver high-quality incident reports including executive summaries, technical details, and prioritized remediation recommendations (as assigned)

Requirements

  • 3–6+ years of experience in security operations, incident response, threat detection, or threat analysis
  • Demonstrated experience leading complex investigations and coordinating incident response across technical teams
  • Strong proficiency with SIEM and EDR platforms; experience writing detection logic and running advanced queries (KQL/SPL/Sigma)
  • Strong knowledge of adversary behaviors and frameworks (MITRE ATT&CK) and incident handling practices (NIST concepts)
  • Experience with cloud and identity security telemetry (Microsoft 365, Azure/AWS, Entra ID/Azure AD) and modern endpoint telemetry
  • Excellent written and verbal communication skills; ability to brief technical and non-technical stakeholders
  • Relevant certifications (one or more): CySA+, GCIH, GCIA, ECIH (or equivalent)
  • Bachelor’s degree in a related field or equivalent practical experience

Benefits
  • Employer-paid Health and Dental Insurance for CA employees
  • 401k with employer matching
  • Opportunities for professional development, including certifications and ongoing training
  • Vacation and PTO

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
SIEM, EDR, KQL, SPL, Sigma, threat hunting, root cause analysis, incident response, detection logic, behavioral analytics

Soft Skills
communication, mentoring, coaching, analytical thinking, problem-solving, collaboration, attention to detail, documentation, feedback, presentation

Certifications
CySA+, GCIH, GCIA, ECIH