Salary
💰 $80,000 - $100,000 per year
Job Level
Senior
Tech Stack
AzureCloudCyber SecurityFirewallsITSMJamfMacOSServiceNowSplunk
About the role
- Oversee the monitoring of security alerts and events from SIEM, EDR, IDS/IPS, firewalls, and other security tools
- Lead investigations of security incidents, determine root cause, and develop remediation strategies in coordination with stakeholders
- Establish standards for incident documentation, ensure proper escalation paths, and recommend updates to procedures
- Execute initial containment and remediation steps based on defined playbooks
- Maintain situational awareness of current threats and vulnerabilities and provide recommendations to stakeholders
- Deliver detailed and accurate incident reports for clients and stakeholders
- Collaborate with incident response, threat intelligence, and engineering teams for deeper investigations and response activities
- Analyze logs across endpoints, servers, and cloud environments to identify anomalies and suspicious activity
- Conduct or coordinate vulnerability assessments and support remediation activities
- Administer and configure endpoint and threat detection platforms, including Intune, Jamf Pro, Arctic Wolf, Azure Security Center, and Mimecast
- Participate in system hardening, secure configurations, and patching of Windows/macOS systems
- Support phishing simulations, security awareness training, and assist with compliance documentation (e.g., NIST, SOC 2, ISO 27001, NERC-CIP)
- Develop, review, and approve knowledge base content and runbooks to guide junior analysts
- Participate in after-hours/on-call rotation, if required
Requirements
- 3+ years of experience in a SOC, cybersecurity, or IT security operations role
- Ability to exercise independent judgment in security event analysis and remediation decisions
- Experience guiding and mentoring junior SOC analysts
- Demonstrated capability to influence process improvements and recommend updates to policies, procedures, and playbooks
- Hands-on experience with security operations platforms such as Arctic Wolf and Azure Security Center, including configuration, tuning, and alert triage
- Familiarity with SIEM tools (e.g., Splunk, Sentinel, LogRhythm) and EDR platforms (e.g., CrowdStrike, SentinelOne)
- General networking concepts knowledge
- Experience with ITSM systems (e.g., ServiceNow, ConnectWise, FreshService)
- Experience managing endpoint security, email security (e.g., Mimecast), and system patching tools
- Proficiency with scripting languages like PowerShell or Bash for automation
- Hands-on experience supporting both Windows and macOS environments, including lifecycle and configuration management
- Understanding of common attack vectors (e.g., phishing, ransomware, lateral movement)
- Strong analytical, investigative, and problem-solving skills
- Excellent written, verbal, and interpersonal communication skills
- High adaptability to change and a customer-first mindset
- Strong documentation habits and a commitment to knowledge-sharing
- Familiarity with frameworks such as NIST, MITRE ATT&CK, CIS Controls
- Participate in a scheduled on-call rotation to provide after-hours escalation support for critical incidents