What the day will look like

SOC Monitoring & Investigation
- Monitor and triage alerts across platforms including LogScale, CrowdStrike Falcon, XSOAR, Microsoft, and Okta
- Perform initial investigation and validation of security events to determine severity and scope
- Escalate incidents with clear documentation, supporting evidence, and recommended actions
- Conduct in-depth investigations into suspicious endpoint, identity, network, and cloud activity (L2/L3)
- Support incident containment and remediation in coordination with Incident Response and Engineering teams

Detection Development & Tuning
- Provide feedback on alert quality, noise, and detection gaps based on operational experience
- Assist in creating and refining detection rules and correlation logic using real-world cases and threat intelligence
- Tune existing detections to reduce false positives and improve SOC efficiency
- Validate detection effectiveness against known attacker behaviors and MITRE ATT&CK techniques

Investigation Enablement
- Design and refine investigative workflows to guide analysts from triage through resolution
- Develop and maintain runbooks, playbooks, and procedural guides for common alert types
- Identify missing context or data needed to accelerate investigations (e.g., enrichment, logging, asset data)
- Recommend and implement improvements that reduce analyst effort and decision time

Security Automation & Playbooks
- Utilize and enhance XSOAR playbooks and automation workflows within daily SOC operations
- Identify repetitive tasks suitable for automation and partner with engineering teams to implement solutions
- Test, validate, and optimize automated actions to ensure they support investigations effectively
- Contribute to continuous improvement initiatives focused on SOC scalability, speed, and consistency

Security Analytics & Telemetry
- Develop and execute queries in LogScale and other analytics platforms to support investigations and threat hunting
- Analyze telemetry across endpoint, identity, cloud, email, and network sources to identify suspicious activity
- Identify trends, recurring issues, and visibility gaps
- Support development of dashboards and reporting for SOC performance and incident trends

Collaboration & Knowledge Sharing
- Partner with AC3 analysts to identify operational challenges and propose improvements
- Work with Threat Intelligence and PTO teams to operationalize intelligence into detections and playbooks
- Collaborate with Security Engineering to enhance logging, telemetry, and data availability
- Contribute to post-incident reviews and continuously update runbooks and detections

How this opportunity is different

Combines SOC operations, detection engineering, and automation, not just alert triage.

Skills and experience that will lead to success
- Minimum 2+ years of experience in a SOC, Cyber Defense Center, MDR, or similar environment (L1-L3) will be preferred
- Strong understanding of attack techniques, alerting, and the MITRE ATT&CK framework
- Hands-on experience with SIEM platforms such as LogScale, Splunk, Microsoft Sentinel, or Elastic
- Familiarity with EDR tools (preferably CrowdStrike Falcon)
- Exposure to SOAR platforms (e.g., XSOAR) and interest in automation
- Basic scripting experience (Python, PowerShell, or similar) preferred
- Strong analytical, troubleshooting, and evidence-based decision-making skills
- Effective written and verbal communication, including incident documentation and handoffs

Preferred Backgrounds
- SOC Analyst (Tier 1-3)
- MDR Analyst
- Incident Response Analyst
- Threat Detection Analyst
- Detection Engineer (with SOC experience)
- Security Operations Engineer
- Security Content Developer (with SOC exposure)

Education: Bachelor's degree in Computer Science or equivalent years of industry experience.