Job Closed
This listing is no longer active.
Modern Data Orchestration
Security Operations Engineer II
Location
Texas
Posted
125 days ago
Salary
$80K - $85K / year
Seniority
Mid Level
Job Description
Security Operations Engineer II
Astronomer
• Own Tier 2 escalations across endpoints, identity & access, collaboration tools, and core services, balancing fast resolution with long-term quality.
• Investigate root causes of recurring issues and design durable fixes that prevent repeat incidents (vs. one-off workarounds).
• Develop secure configuration standards and baselines spanning endpoints, GenAI, orchestration, and SaaS/cloud infrastructure, and iterate on them to support scale and reliability.
• Shape incident/problem/change practices by proposing safe changes with clear rollback plans and improving how the team learns from incidents.
• Create operational documentation (knowledge base articles, runbooks, reusable patterns) that reduces escalations and uplevels the service desk.
• Triage and investigate security alerts in EDR/SIEM/SOAR, escalate effectively, and coordinate containment to recovery using playbooks with clear timelines.
• Build and improve automations + analytics (GenAI/ML workflows, scripts/APIs, dashboards) to streamline tasks like alert enrichment, ticket routing, lifecycle changes, remediation flows, and ongoing operational reporting.
• Partner on vulnerability and patch management by prioritizing issues, tracking remediation to SLAs, and verifying closure in measurable ways.
Job Requirements
- 2+ years of experience with Python (or similar scripting languages) and APIs.
- Strong troubleshooting skills across endpoints, identity/access, and collaboration platforms; owning issues through to resolution.
- Hands-on SecOps exposure using tools like EDR/SIEM/SOAR for alert triage, investigation, and incident handling (or closely related experience with the ability to ramp fast).
- Data and analytics mindset with comfort pulling, cleaning, and analyzing operational data (tickets, alerts, logs) to guide decisions.
- Automation capability using scripting (Python or similar), APIs, and/or orchestration, building safe, auditable workflows that may leverage GenAI/ML for enrichment or decision support.
- Clear communicator who stays calm under pressure, comfortable navigating ambiguity and proposing structured solutions.
- Demonstrated curiosity and learning agility, with interest in growing across IT, security, and data/automation.
Benefits
- Health insurance
- 401(k) plan
- Paid time off
- Flexible work arrangements
- Professional development opportunities
More Security Operations Jobs
We are seeking a dedicated and experienced individual with a strong background in information security and technology to join our growing Managed Security Service Provider (MSSP) within the Security Operations Center (SOC). As a SOC Analyst, you will play a crucial role as the technical expert who ensures our SIEM platform runs at peak performance and provides actionable security intelligence. This individual will be a key part of our security infrastructure team, working closely with SOC Analysts and IT staff. You must live in one of these locations to be considered for this remote position. (Connecticut, Delaware, Florida, Georgia, Illinois, Maryland, Massachusetts, New York, South Carolina, North Carolina, Tennessee, Texas, Utah, Virginia, Vermont, DC, Kentucky, Pennsylvania, Ohio or Washington.)
Duties/Responsibilities:
- SIEM Platform Management - Administer and maintain the SIEM platform, ensuring system health, performance, storage, and availability. Perform updates, patching, and backups regularly.
- Log Source Integration - Coordinate with internal and client teams to onboard new log sources, ensuring accurate and efficient data collection and parsing.
- Content Development and Optimization - Create, tune, and manage SIEM content including correlation rules, alerts, dashboards, and reports to enhance detection capabilities and reduce false positives.
- Performance Monitoring and Optimization - Analyze SIEM performance metrics and implement improvements to support scalability and high-speed querying.
- Documentation and Reporting - Maintain documentation for SIEM architecture, processes, and procedures. Generate reports on system health, performance, and security metrics for management and compliance.
- Security Incident Response - Conduct in-depth analysis and investigation of security incidents. Collaborate with SOC analysts to escalate and resolve advanced threats.
- Client Engagement and Advisory - Assess client security needs and recommend tailored solutions aligned with Kraft Kennedy SOC standards. Develop and implement security policies to strengthen client security posture.
- Collaboration and Support - Provide technical guidance and support to the SOC team. Troubleshoot SIEM-related issues and ensure timely resolution.
- Continuous Learning and Threat Awareness - Stay current with emerging security trends, technologies, and threats to proactively safeguard client environments.
Security Operations Specialist (SaaS & Identity Focus)
Fluent, Inc. Simplify the way you find customers with Fluent. Enabling advertisers to identify, win, and build their customer base.
We're seeking a Security Operations Specialist (SaaS & Identity Focus) to join our team and play a critical role in maintaining and enhancing our security posture. This position combines technical security expertise with strong interpersonal skills, requiring someone who can both monitor and respond to security incidents while effectively collaborating with diverse stakeholders across the organization.
What You'll Do
Security Operations & Monitoring
- Monitor, investigate, and respond to security incidents and alerts in real time
- Manage and optimize security tools including CrowdStrike and Wiz
- Conduct threat hunting and proactive security analysis to identify potential vulnerabilities
- Develop and maintain security incident response playbooks and documentation
- Perform log analysis and correlation to identify security events and anomalies
Compliance & Risk Management
- Support SOC 2 audit preparation and maintain ongoing compliance requirements
- Assist with other security and compliance certification standards and frameworks
- Implement and enforce security policies, procedures, and controls
- Conduct security assessments and risk evaluations
- Maintain evidence collection and documentation for audit purposes
Collaboration & Support
- Serve as a security resource and advisor to end users, providing guidance on security best practices
- Partner with development teams to integrate security into the software development lifecycle
- Communicate security incidents and risks to both technical and non-technical stakeholders
- Provide security awareness training and guidance across the organization
- Balance security requirements with business needs while maintaining a customer service-oriented approach
Cyber Operations Specialist Intern – DoD SkillBridge Program
Bridgecross, LLC. Providing Information Technology and Management Services
• Monitor and analyze network traffic, logs, and alerts for potential security incidents
• Assist with identifying, tracking, and remediating system vulnerabilities
• Support compliance activities under NIST 800-53, CMMC, and RMF frameworks
• Help maintain secure configurations for systems and applications
• Participate in incident response activities and document corrective actions
• Prepare reports on security findings, risks, and mitigation recommendations
• Collaborate with IT and cybersecurity teams to strengthen network defenses
• Contribute to developing standard operating procedures (SOPs) and documentation for audits
• Comply with currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines.
• Design, implement, and sustain security telemetry/logging architecture in GCP, ensuring high-fidelity signals are collected, normalized, and delivered to the VDSS/SIEM/SOAR stack.
• Own logging coverage and quality for cloud and platform signals, including:
  - Cloud Audit Logs (Admin Activity, Data Access, System Event)
  - IAM/service account activity and privileged actions
  - VPC Flow Logs, load balancer/WAF/proxy signals
  - GKE audit logs and Kubernetes control-plane events
  - Security-relevant application/service logs
• Build detection engineering content: queries, correlation logic, alert rules, and dashboards aligned to cloud threat scenarios (IAM abuse, suspicious API usage, workload compromise, data access anomalies, lateral movement paths).
• Develop automation and guardrails to reduce toil and accelerate investigations/response:
  - API-driven enrichment and evidence capture (e.g., asset inventory, IAM bindings, network path/context, log exports)
  - Repeatable runbooks/workflows and integration into ticketing/notification pipelines
• Partner with teams to implement and validate security controls that improve defensibility:
  - Secure configuration baselines and drift detection
  - Identity and access telemetry improvements
  - Network segmentation signals and policy validation
  - Container/GKE security instrumentation and runtime visibility
• Execute continuous control-health checks and instrumentation validation (telemetry completeness, parsing quality, alert fidelity, logging pipeline reliability).
• Coordinate cleanly with the CSSP: provide engineered signals, detection content, and automation that improves downstream monitoring and response outcomes.
• Produce clear technical deliverables (engineering notes, detection documentation, dashboards/coverage maps, stakeholder-ready updates) with minimal editing.