Authentic8 logo
Authentic8

The Silo Web Isolation Platform from Authentic8 enables anyone, anywhere, on any device to utilize the web without risk.

SOC Security Analyst

Location

United States

Posted

18 hours ago

Salary

$65 - $75 / hour

Seniority

Mid Level

Bachelor Degree2 yrs expEnglishDNSLinuxSplunkTCP/IP

Job Description

SOC Security Analyst

Authentic8

• Monitor, investigate, and respond to security detections across the SIEM, driving alerts to resolution. • Develop, tune, and maintain SIEM use cases and correlation rules to improve detection coverage. • Build and deliver operational reports and dashboards from available SIEM log source data. • Identify, assess, and escalate high-impact events from multiple data sources to senior staff and stakeholders following established procedures. • Intake, triage, and respond to security reports (phishing, suspicious activity, etc.), escalating as necessary. • Own the lifecycle of security tickets in the case management system, ensuring accurate documentation, timely updates, and proper closure. • Support proactive investigations and threat hunting as directed. • Provide day-to-day SOC operational support and coverage, communicating findings and relevant event details clearly to team members and stakeholders. • Draft and update SOC and Authentic8 documentation, runbooks, standards, and procedures. • Work with system and application owners to remediate discovered security vulnerabilities. • Ability to collaborate effectively in a dynamic team environment.

Job Requirements

  • 2+ years of experience in security operations, incident response, or a related security discipline (SOC analyst experience strongly preferred).
  • Hands-on SIEM experience - investigating alerts, building and tuning use cases and correlation rules, and generating reports (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar, or similar).
  • Demonstrated experience with phishing analysis and email security response.
  • Proven ability to triage and escalate security incidents independently using documented playbooks.
  • Solid understanding of networking concepts (TCP/IP, DNS, HTTP/S) and operating systems (Windows and Linux).
  • Experience with case/ticket management and clear, audit-ready documentation.
  • Strong written and verbal communication skills, with the ability to convey findings to both technical and non-technical audiences.
  • Ability to work independently with minimal oversight in a structured operations environment.
  • Must be able to pass a background investigation in accordance with company policy.
  • Must be a US Citizen

Related Categories

Related Job Pages

More Security Operations Jobs

UMGC Ventures logo

Adjunct Faculty, Cyber Operations

UMGC Ventures

A new model in higher education funding from a leader in education innovation, UMGC.

Part TimeRemoteTeam 51-200Since 2016H1B No Sponsor

• Teach remotely for the Cyber Dev Operations program. • Engage students through frequent interaction that motivates them to succeed. • Guide students in active collaboration and the application of their learning in problem- and project-based learning demonstrations. • Provide rich and regular constructive feedback, utilizing rubrics effectively for the assessment of student work, acknowledging student accomplishments. • Demonstrate relevant and current subject-matter expertise, helping students connect concepts across their academic program.

United States
$806 - $1.6K / hour
Censys logo

Director of Product Management, Security Operations

Censys

The Leader in Attack Surface Management & Cloud Security

Full TimeRemoteTeam 51-200Since 2017H1B Sponsor

• Own and grow the Security Operations product line • Build products that enable SOC analysts, incident responders, threat hunters, and detection engineers • Refine and evolve the product vision • Drive product-market fit across multiple buyer segments • Present product-driven business metrics to the executive team • Track pipeline generation, POC conversion, ARR growth, and net retention

United States
$206K - $294K / year
NTT Ltd. logo

Information Security Incident Response Analyst

NTT Ltd.

NTT DATA is a $30+ billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. As a Global Top Employer, we have experts in more than 50 countries and offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners.

Full TimeRemoteTeam 10,001

Role Description The Information Security Incident Response Analyst supports clients during security incidents by performing technical investigations, analyzing digital forensic evidence, and assisting with containment and remediation activities. This role focuses on identifying indicators of compromise, reconstructing attacker activity, and communicating clear, actionable findings. The analyst works as part of a global DFIR team, handling a variety of incident types across diverse environments. They contribute to process improvements, maintain strong client communication, and continue building advanced DFIR skills through hands‑on investigations and internal project work. Key Responsibilities - Investigates security incidents by performing host, disk, memory, network, and cloud forensic analysis under established processes and guidance. - Analyzes artifacts across Windows, Linux, and macOS systems, helping reconstruct timelines and determine root cause. - Supports clients through containment and recovery efforts by providing technical recommendations and clear communication. - Participates in the team’s on‑call rotation for urgent incident response needs. - Completes internal and client tasks such as tabletop exercises, IR readiness assessments, basic forensic reviews, and environment hardening support. - Identifies observable gaps and risks within client environments and recommends improvements to strengthen security posture. - Produces accurate documentation—including investigation notes, status updates, and final reports. - Collaborates with global DFIR and other teams and stays current on threats, attacker techniques, and emerging forensic tools. Qualifications - Solid understanding of digital forensics fundamentals, including host‑based analysis across major operating systems. - Working knowledge of network forensics, cloud log analysis (e.g., Azure, AWS, GCP), and common forensic tools. - Ability to clearly communicate technical findings to both technical and non‑technical audiences. - Strong analytical and problem‑solving skills, especially during time‑sensitive investigations. - Motivated to continuously learn deeper DFIR techniques and methodologies. Requirements - Proven experience in incident response and digital forensics, with capability in host‑based, image, and log analysis. - Experience using SIEM, EDR, IDS/IPS, and other security tools to triage, investigate, and respond to incidents. - Ability to perform network analysis using tools such as Wireshark, tcpdump, and other tools. - Experience in cybersecurity operations, consulting, DFIR services, or related technical security roles. Academic Qualifications, Certifications - Bachelor’s degree or equivalent experience in Information Technology, Computer Science, Cybersecurity, or a related discipline (preferred). - Relevant certifications such as: - SANS GIAC Security Essentials (GSEC) or equivalent preferred. - SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred. - SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred. - GICSP – GIAC Global Industrial Cyber Security Professional - GRID – GIAC Response and Industrial Defense - GCIP – GIAC Critical Infrastructure Protection - ISA/IEC 62443 Cybersecurity Certificates (ISA/IEC 62443 Cybersecurity Fundamentals, etc.) - IC32/IC33/IC34 - Any additional DFIR‑related certifications. Additional UK‑Specific Role Requirements - Active UK Security Clearance is required to deliver services within sensitive or regulated client environments. - Background and hands‑on experience in OT environments. - Experience investigating ICS/SCADA systems and industrial sectors such as manufacturing, energy, utilities, or critical infrastructure. - Ability to collect and analyze OT forensic artifacts, interpret OT protocols and system behavior, and assess the impact of cyber incidents on physical processes. - Experience with any of the following tools: - Claroty CTD - Nozomi Guardian - Dragos Platform - Tenable.ot - Forescout/SCADAfence Workplace type Remote Working

United Kingdom
ServiceNow logo

Senior Info Sec Operations Engineer

ServiceNow

ServiceNow provides cloud-based services that automate enterprise information technology operations. As an employer, ServiceNow offers a challenging, collaborat

Full TimeRemoteTeam 29,000Since 2004

Role Description What you get to do in this role: - Experience with Okta admin console and REST API (user/group lifecycle, session management, directory integration) - Production experience building Python automation scripts (testing, error handling, logging, observability) - Hands-on experience with SailPoint IIQ connectors (configuration, troubleshooting, custom rule development) - Familiarity with ServiceNow ITSM, workflow automation, and integrations (MCP servers, Flow Designer) - Experience with AI/LLM concepts, prompt engineering, or API-based automation (building chatbots, autonomous agents, or similar) - Exposure to Splunk, Grafana, or similar observability platforms - DevOps/GitOps experience, CI/CD pipeline familiarity, or infrastructure-as-code exposure - CISSP, CISM, or equivalent IAM certification - Background in FedRAMP-compliant environments or similar compliance frameworks - Solid experience in Agile development processes and DevOps culture - Learning mindset and keen interest to build knowledge of User Access Management and AI-native automation Qualifications - Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. - 4+ years of hands-on IAM experience, including SailPoint IIQ 8.x+ operations in enterprise environments - Deep operational experience with two or more of: Active Directory, Entra ID, LDAP, Okta, PAM (CyberArk/PBUL) - Intermediate-to-advanced proficiency in at least one programming/scripting language (Python preferred, but PowerShell, Bash, or JavaScript acceptable) - Proven experience with RESTful API design and consumption (Okta SDK, SailPoint SDK, or equivalent) - Working knowledge of identity governance concepts: role-based access control (RBAC), access requests, certification workflows - SQL fluency for data analysis and troubleshooting - Familiarity with ITIL practices (incident, problem, change, service request management) - Experience troubleshooting complex account provisioning/deprovisioning workflows in multi-directory environments - Strong documentation and communication skills; ability to translate technical details into executive-ready briefs - Demonstrated ability to work effectively in distributed, asynchronous environments (across timezones) - Comfort operating in FedRAMP-compliant environments with audit trail and compliance considerations - Proven problem-solving and analytical skills with excellent written and verbal communication abilities - Ability to build strong stakeholder relationships across GRC, Legal, Security, and Engineering teams Requirements - Base pay of $161,300 - $274,200, plus equity (when applicable), variable/incentive compensation and benefits. - Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. - Health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Benefits - Flexible and remote work options. Company Description It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone—freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow— helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started.

Northern America
$161.3K - $274.2K / year