SOC L2 Analyst responsible for security monitoring and incident investigation. Analyzing escalated alerts, conducting correlation with SIEM, and executing response actions.
About the role
- Lead incident response efforts for a global fintech focusing on Microsoft E5 security capabilities and DLP. Drive detection, containment, and proactive security measures for the enterprise.
Responsibilities
- The Senior Incident Response Engineer will lead advanced security incident response efforts
- focusing on Microsoft E5 security capabilities and Data Loss Prevention (DLP)
- Detect, analyze, and respond to security incidents detected by EDR, SIEM, and Cloud Security tooling as well as MDR service providers
- Lead post-incident reviews and drive process improvements
- Perform advanced threat hunting using Microsoft Defender and related tools
- Integrate threat intelligence and adapt detection strategies based on real world threats observed by the organization
- Conduct forensic data acquisition, log analysis, and root cause determination for endpoint incidents
- Develop and maintain incident response playbooks and runbooks across the security operations toolset
- Collaborate with analysts and other IR engineers to identify opportunities for improvement and tuning of detection rules
- Collaborate with IT, legal, HR, communications, and other business units
Requirements
- Minimum 5 years of progressive information security experience
- At least 4 years focused on incident response, including investigations across different security domains (endpoint, application, DLP, and more)
- Proficiency with Microsoft 365 Security Suite as well as other security tooling such as SentinelOne, Google SecOps, Abnormal Security, and others
- Strong experience with incident response, digital forensics, and threat hunting across a hybrid environment
- Knowledge of endpoint operating systems (Windows, macOS, and Linux)
- Experience with cloud environments such as Azure, AWS, and GCP
- Experience with scripting (PowerShell, Python, or Bash) for automation and log parsing desired
- Relevant certifications (one or more preferred): GCFA, GCIH, CHFI, CySA+, MS SC-200, MS SC-400 or similar
Benefits
- Comprehensive medical insurance, dental insurance, and vision insurance
- life and disability insurance
- fertility benefits
- wellness resources
- paid sick time
- Generous paid time off and holidays
- Employee Assistance Program (EAP)
- complimentary Calm app subscription
- Immediate vesting in a 401(k) plan
- Health Savings Account (HSA) and Flexible Spending Account (FSA) options
- commuter benefits
- employee discount programs
- Paid maternity leave and paid paternity leave (including for adoptive parents)
- legal plan options
- pet insurance coverage
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Cyber Security Specialist protecting digital estate from threats at the University of Edinburgh. Focused on identifying and mitigating cyber risks while supporting teaching and research services.
Cybersecurity Incident Response Analyst detecting and responding to cyber threats at NOV. Collaborating using AI tools to enhance cybersecurity operations across IT, cloud, and OT environments.
Lead Specialist in Security Operations, enhancing detection engineering and incident response at Pearson. Collaborate with teams and drive process improvements in a high - paced environment.
Security Engineer II at AvidXchange enhancing security operations and incident response. Collaborating with teams to develop, tune and improve security monitoring and automation capabilities.
Director leading security operations strategy and overseeing investigations at Ford Motor Company. Responsible for global investigations, crisis management, and team leadership.
Cloud Security Engineer at Artemys designing and maintaining secure Azure infrastructures, overseeing security monitoring and incident management.
Lead global Cyber Detect and Respond team at Assa Abloy, ensuring timely incident response and security compliance. Oversee operations while collaborating across IT and business functions for effective threat management.
Lead Cybersecurity Analyst responsible for technical leadership of a 24x7 SOC team at AT&T. Drive operational standards, incident response, and continuous improvement initiatives.
Security Engineer safeguarding AWS environments for Genesys Cloud mission. Handling advanced threats and collaborating with SecDev, PenTest, DevOps, and SRE teams.