• Own Tier 2 escalations across endpoints, identity & access, collaboration tools, and core services—balancing fast resolution with long-term quality. • Investigate root causes of recurring issues and design durable fixes that prevent repeat incidents (vs. one-off workarounds). • Develop secure configuration standards and baselines spanning endpoints, GenAI, orchestration, and SaaS/cloud infrastructure, and iterate on them to support scale and reliability. • Shape incident/problem/change practices by proposing safe changes with clear rollback plans and improving how the team learns from incidents. • Create operational documentation (knowledge base articles, runbooks, reusable patterns) that reduces escalations and uplevels the service desk. • Triage and investigate security alerts in EDR/SIEM/SOAR, escalate effectively, and coordinate containment to recovery using playbooks with clear timelines. • Build and improve automations + analytics (GenAI/ML workflows, scripts/APIs, dashboards) to streamline tasks like alert enrichment, ticket routing, lifecycle changes, remediation flows, and ongoing operational reporting. • Partner on vulnerability and patch management by prioritizing issues, tracking remediation to SLAs, and verifying closure in measurable ways.

We are seeking a dedicated and experienced individual with a strong background in information security and technology to join our growing Managed Security Service Provider (MSSP) within the Security Operations Center (SOC).  As a SOC Analyst, you will play a crucial role as the technical expert who ensures our SIEM platform runs at peak performance and provides actionable security intelligence. This individual will be a key part of our security infrastructure team, working closely with SOC Analysts and IT staff. You must live in one of these locations to be considered for this remote position. (Connecticut, Delaware, Florida, Georgia, Illinois, Maryland, Massachusetts, New York, South Carolina, North Carolina, Tennessee, Texas, Utah, Virginia,Vermont, DC, Kentucky, Pennsylvania, Ohio or Washington.)   Duties/Responsibilities: - SIEM Platform Management - Administer and maintain the SIEM platform, ensuring system health, performance, storage, and availability. Perform updates, patching, and backups regularly. - Log Source Integration - Coordinate with internal and client teams to onboard new log sources, ensuring accurate and efficient data collection and parsing. - Content Development and Optimization - Create, tune, and manage SIEM content including correlation rules, alerts, dashboards, and reports to enhance detection capabilities and reduce false positives. - Performance Monitoring and Optimization - Analyze SIEM performance metrics and implement improvements to support scalability and high-speed querying. - Documentation and Reporting - Maintain documentation for SIEM architecture, processes, and procedures. Generate reports on system health, performance, and security metrics for management and compliance. - Security Incident Response - Conduct in-depth analysis and investigation of security incidents. Collaborate with SOC analysts to escalate and resolve advanced threats. - Client Engagement and Advisory - Assess client security needs and recommend tailored solutions aligned with Kraft Kennedy SOC standards. Develop and implement security policies to strengthen client security posture. - Collaboration and Support - Provide technical guidance and support to the SOC team. Troubleshoot SIEM-related issues and ensure timely resolution. - Continuous Learning and Threat Awareness - Stay current with emerging security trends, technologies, and threats to proactively safeguard client environments.

We're seeking a Security Operations Specialist (SaaS & Identity Focus) to join our team and play a critical role in maintaining and enhancing our security posture. This position combines technical security expertise with strong interpersonal skills, requiring someone who can both monitor and respond to security incidents while effectively collaborating with diverse stakeholders across the organization. What You'll Do Security Operations & Monitoring - Monitor, investigate, and respond to security incidents and alerts in real-time - Manage and optimize security tools including Crowdstrike and Wiz - Conduct threat hunting and proactive security analysis to identify potential vulnerabilities - Develop and maintain security incident response playbooks and documentation - Perform log analysis and correlation to identify security events and anomalies Compliance & Risk Management - Support SOC2 audit preparation and maintain ongoing compliance requirements - Assist with other security and compliance certification standards and frameworks - Implement and enforce security policies, procedures, and controls - Conduct security assessments and risk evaluations - Maintain evidence collection and documentation for audit purposes Collaboration & Support - Serve as a security resource and advisor to end users, providing guidance on security best practices - Partner with development teams to integrate security into the software development lifecycle - Communicate security incidents and risks to both technical and non-technical stakeholders - Provide security awareness training and guidance across the organization - Balance security requirements with business needs while maintaining a customer service-oriented approach

• Monitor and analyze network traffic, logs, and alerts for potential security incidents • Assist with identifying, tracking, and remediating system vulnerabilities • Support compliance activities under NIST 800-53, CMMC, and RMF frameworks • Help maintain secure configurations for systems and applications • Participate in incident response activities and document corrective actions • Prepare reports on security findings, risks, and mitigation recommendations • Collaborate with IT and cybersecurity teams to strengthen network defenses • Contribute to developing standard operating procedures (SOPs) and documentation for audits