Remote SOC Analyst

About the job Remote SOC Analyst <br> <br>Remote SOC Analyst needs 2+ years of experience in a SOC or cybersecurity operations role.<br><br>SOC Analyst requires:<br><ul><li>Security certifications such as Security+, CySA+, GCIH, GCIA, or equivalent.</li><li>Experience with scripting (Python, PowerShell) for automation and analysis.</li><li>Exposure to cloud security monitoring (Azure, AWS, GCP).</li><li>Understanding of compliance frameworks (e.g., NIST, ISO 27001, PCI-DSS).</li><li>Experience with Microsoft Sentinel for SIEM and Microsoft Defender for Endpoint for EDR.</li><li>Solid understanding of TCP/IP, Windows/Linux OS internals, and common attack vectors.</li><li>Familiarity with MITRE ATT&CK, cyber kill chain, and threat modeling.</li></ul><br>SOC Analyst duties:<br><ul><li>Alert Triage & Validation: Investigate and validate alerts escalated from our security partners using SIEM, EDR, and other security tools.</li><li>Incident Response: Execute containment and remediation steps for confirmed incidents. Escalate to Tier 3 when deeper forensic or threat hunting expertise is required.</li><li>Threat Analysis: Correlate data across multiple sources (network, endpoint, cloud) to identify patterns and indicators of compromise (IOCs).</li><li>Detection Tuning: Work with engineering and Tier 3 teams to fine-tune detection rules and reduce false positives.</li><li>Process Development: Document SOC workflows, procedures, and incident handling processes. Build and maintain runbooks to standardize response actions and improve operational efficiency.</li><li>Continuous Improvement: Stay current on emerging threats, vulnerabilities, and security technologies. Recommend improvements to detection and response capabilities.</li></ul>