Security Operations Centre Analyst for Long View's IGS branch, focused on incident detection and response. Collaborating with teams to monitor, identify, and remediate security incidents.
About the role
- Security Operations Lead overseeing global SOC operations and AI product integration at Replit. Leading monitoring and incident response across multi-cloud environments and AI workloads.
Responsibilities
- Lead, mentor, and scale a global SOC team responsible for 24/7 monitoring, alert intake, triage, correlation, and escalation.
- Build operational rigor: processes, runbooks, SLAs, metrics, and quality standards for high-scale environments.
- Cover monitoring across:
- - Cloud infrastructure (GCP, AWS, Azure)
- - Kubernetes/GKE/EKS/AKS clusters
- - SaaS platforms (Google Workspace, GitHub, Slack, Okta, etc.)
- - Endpoints (macOS, Linux, Windows) including EDR/XDR telemetry
- - Developer platforms + CI/CD pipelines
- - AI/ML systems and model-serving workflows
- Evaluate, adopt, and integrate AI-native SOC technologies for triaging, detection, and correlation.
- Identify opportunities to automate triage, investigations, enrichment, and reporting.
- Serve as the internal expert on the capabilities and limitations of AI-based SOC tooling.
- Own the entire SIEM ecosystem—ingestion, normalization, correlation, enrichment, tuning, dashboards, and metrics.
- Develop high-fidelity detections for:
- - Cloud-native attacks
- - Identity threats and lateral movement
- - SaaS misconfigurations and privilege abuse
- - Endpoint malware/behavior anomalies
- - Insider threats and account takeover patterns
- - Use MITRE ATT&CK, MITRE Cloud Matrix, and threat intel to drive detection coverage.
- Lead day-to-day triage and threat analysis activities, ensuring accurate categorization and prioritization.
- Drive complex investigations involving correlated events across cloud, SaaS, endpoints, and developer platforms.
- Guide root cause analysis and work with owners to drive remediation and architectural improvements.
- Communicate threats, gaps, and trends to leadership and engineering stakeholders.
- Partner with Cloud Security on cloud posture and preventative controls.
Requirements
- 7+ years of experience in Security Operations, with 3+ years in a senior or lead capacity.
- Experience leading or collaborating with 24/7 SOC environments (internal, hybrid, or MSSP).
- Strong experience with SIEM platforms (Chronicle, Splunk, Elastic, Sentinel, Panther, etc.).
- Deep understanding of:
- - Cloud security monitoring (GCP required; AWS/Azure preferred)
- - SaaS security monitoring (Okta, Google Workspace, GitHub, Slack, etc.)
- - Endpoint security telemetry (EDR/XDR tools such as CrowdStrike, SentinelOne, or Defender)
- - Kubernetes and container detection
- Hands-on detection engineering skills, event correlation, threat hunting, and log analysis.
- Familiarity with AI-based SOC platforms and LLM-driven detection/triage tools.
- Strong understanding of identity security, OAuth/OIDC, and API telemetry patterns.
- Experience with SOAR and scripting (Python, Go, Bash).
- Knowledge of MITRE ATT&CK, cloud kill chains, behavioral detections, and detection lifecycle management.
Benefits
- Competitive Salary & Equity
- 401(k) Program
- Health, Dental, Vision and Life Insurance
- Short Term and Long Term Disability
- Paid Parental, Medical, Caregiver Leave
- Commuter Benefits
- Monthly Wellness Stipend
- Autonoumous Work Environement
- In Office Set-Up Reimbursement
- Flexible Time Off (FTO) + Holidays
- Quarterly Team Gatherings
- In Office Amenities
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Intermediate Security Operations Centre Analyst involved in IT security operations for a dynamic IT provider. Collaborating with internal teams for incident detection and response across various platforms.
SOC Engineer at Replit monitoring and assessing emerging threats in cloud infrastructure and AI coding environments. Conducting investigations and collaborating with teams for mitigation strategies.
Cybersecurity Incident Response Engineer in Comcast's Security Incident Response Team mitigating threats and restoring environments following incidents. Working with advanced technologies to safeguard customers and infrastructure.
Director of Security Operations responsible for strategic leadership and operational excellence in security at Abridge. Leading teams focused on preventing, detecting, and responding to security threats.
Sr. Security Incident Response Engineer leveraging Splunk expertise to investigate security incidents at Autodesk. Monitoring and analyzing threats while collaborating with incident response teams.
Lead incident response efforts for a global fintech focusing on Microsoft E5 security capabilities and DLP. Drive detection, containment, and proactive security measures for the enterprise.
SOC Analyst I monitoring and responding to cybersecurity threats for Byline Bank. Assisting in protecting customer and business information with compliance and real - time threat management.
Senior Manager of Regional Security Operations overseeing security programs at McKesson nationwide. Supporting risk mitigation strategies and compliance across distribution business units in the USA.
IT Security Operations Specialist ensuring security of networks and data in an international organization. Designing security controls, monitoring incidents, and utilizing advanced threat hunting techniques.