American Technology Services

Innovative Solutions for Today's IT Challenges

Incident Response Eng

Security Operations · Other · Remote · Senior · Team 501-1,000 · Since 1994 · H1B Sponsor

Location

Georgia

Posted

124 days ago

Salary

$0

Seniority

Senior

Bachelor Degree · 9 yrs exp · English · AWS · Azure · SIEM

Job Description

About American Technology Services LLC

American Technology Services (ATS) started in 1994 with the same mission as today: providing high-quality managed IT services, network support, and cybersecurity services to firms where quality matters most – the organizations that rely heavily on information technology and high levels of service. Over the years, ATS has built client trust that has lasted for many years. As time goes forward, our consultative approach resonates well, and our “corporate knowledge” about our clients’ IT operations helps our clients perform at a higher level.

About the role

At ATS, you’ll join a dedicated team focused on Incident Detection & Response, working to protect the people, processes, and technology of our organization. We are seeking an experienced and adaptable Security Operations Engineer to join our Cybersecurity team. This role reports to the Cybersecurity Manager and will play a critical part in responding to cybersecurity incidents across the enterprise.

What you'll do

  • Serve as a primary responder to security incidents, including the monitoring, triaging, and investigation of security alerts in a timely manner.
  • Collaborate with cross‑functional teams to document, enhance, and coordinate Incident Response processes.
  • Maintain and organize Cybersecurity documentation, including the creation and upkeep of incident response playbooks.
  • Participate in and/or lead incident post‑mortems, distilling lessons learned into actionable recommendations and comprehensive written reports.
  • Analyze logs and EDR telemetry across a variety of systems, including medical devices, cloud applications, workstations, and data exchange platforms.
  • Conduct investigations across Windows, Linux, iOS, and cloud platforms using SIEM tools and manual log analysis.
  • Participate in a global on‑call rotation.
  • Identify opportunities for automation and for improving detection capabilities.
  • Perform proactive threat hunting to identify emerging tactics, techniques, and procedures (TTPs).
  • Assess and respond to new and evolving threats, using threat intelligence to evaluate likelihood and organizational impact.
  • Assist in forensic acquisition, malware analysis, and network analysis.

Qualifications

  • Proven ability to translate abstract requirements into clear, actionable steps.
  • Excellent written and verbal communication skills, including the ability to convey technical concepts to non‑technical audiences.
  • Strong work ethic with exceptional attention to detail and organizational skills.
  • Ability to prioritize and multitask effectively in a fast‑paced environment.
  • Capable of working both independently and collaboratively within a team.
  • Conceptual understanding of software development methodologies.
  • Experience with application security, SaaS, or cloud security is a plus.
  • Experience with programming or scripting languages is a plus.
  • Familiarity with cloud environments (e.g., AWS, Azure) and automation frameworks.

Job Requirements

  • Bachelor’s degree in a related field or equivalent experience required; Cybersecurity certifications strongly preferred.
  • 6+ years of experience in Cybersecurity, including direct incident handling/response.
  • Strong understanding of Cybersecurity tools, technologies, and methodologies.
  • Working knowledge of common IT technologies and operational processes.
  • Familiarity with relevant frameworks and standards, such as MITRE ATT&CK and ITIL.
  • Solid understanding of risk management principles and practices.

More Security Operations Jobs


Security Operations Engineer

Alpaca

Developer APIs for stocks and crypto trading, investing apps, and embedded fintech.

Other · Remote · Team 201-500 · H1B No Sponsor

  • Own the relationship with our managed SOC, including alert quality, escalation workflows, SLAs, runbooks, and continuous improvement of detection coverage and response effectiveness. Assist with triage and investigations, and respond to security alerts across endpoints, identity, cloud, network, and application logs.
  • Operate and maintain our SIEM, including log onboarding, parsing, normalization, correlation rules, alert tuning, and lifecycle management to reduce noise and increase signal.
  • Ensure critical systems generate the right security telemetry, filling gaps across endpoints, identity providers, network devices, SaaS tools, and cloud platforms.
  • Continuously refine detection logic based on threat intelligence, SOC feedback, incident learnings, and emerging attack techniques.
  • Assist with security incidents, working with IT, Engineering, and external partners to contain, eradicate, and recover from incidents.
  • Develop, maintain, and continuously improve incident response playbooks, escalation paths, and communication procedures.
  • Track and report on key security operations metrics such as alert volumes, false positive rates, mean time to detect (MTTD), mean time to respond (MTTR), and SOC performance.
  • Act as the security liaison to the IT Helpdesk, ensuring security-related tickets are properly triaged, prioritized, and resolved without slowing down business operations.
  • Provide guidance and context to IT teams on security alerts, risks, and required actions, helping raise the overall security maturity of frontline support teams.

United States
Job Closed

Security Operations Specialist

Fluent, Inc

Simplify the way you find customers with Fluent. Enabling advertisers to identify, win, and build their customer base.

Other · Remote · Team 201-500 · H1B No Sponsor

  • Monitor, investigate, and respond to security incidents and alerts in real-time
  • Manage and optimize security tools including Crowdstrike and Wiz
  • Conduct threat hunting and proactive security analysis to identify potential vulnerabilities
  • Develop and maintain security incident response playbooks and documentation
  • Perform log analysis and correlation to identify security events and anomalies
  • Support SOC2 audit preparation and maintain ongoing compliance requirements
  • Assist with other security and compliance certification standards and frameworks
  • Implement and enforce security policies, procedures, and controls
  • Conduct security assessments and risk evaluations
  • Maintain evidence collection and documentation for audit purposes
  • Serve as a security resource and advisor to end users, providing guidance on security best practices
  • Partner with development teams to integrate security into the software development lifecycle
  • Communicate security incidents and risks to both technical and non-technical stakeholders
  • Provide security awareness training and guidance across the organization
  • Balance security requirements with business needs while maintaining a customer service-oriented approach

New York
$100K - $130K / year
Job Closed
Other · Remote · Team 201-500 · Since 2018 · H1B Sponsor

  • Own Tier 2 escalations across endpoints, identity & access, collaboration tools, and core services—balancing fast resolution with long-term quality.
  • Investigate root causes of recurring issues and design durable fixes that prevent repeat incidents (vs. one-off workarounds).
  • Develop secure configuration standards and baselines spanning endpoints, GenAI, orchestration, and SaaS/cloud infrastructure, and iterate on them to support scale and reliability.
  • Shape incident/problem/change practices by proposing safe changes with clear rollback plans and improving how the team learns from incidents.
  • Create operational documentation (knowledge base articles, runbooks, reusable patterns) that reduces escalations and uplevels the service desk.
  • Triage and investigate security alerts in EDR/SIEM/SOAR, escalate effectively, and coordinate containment to recovery using playbooks with clear timelines.
  • Build and improve automations + analytics (GenAI/ML workflows, scripts/APIs, dashboards) to streamline tasks like alert enrichment, ticket routing, lifecycle changes, remediation flows, and ongoing operational reporting.
  • Partner on vulnerability and patch management by prioritizing issues, tracking remediation to SLAs, and verifying closure in measurable ways.

Texas
$80K - $85K / year
Job Closed

SOC Analyst

Kraft & Kennedy, Inc.

Get ahead in the cloud.

Other · Remote · Team 51-200 · Since 1988

We are seeking a dedicated and experienced individual with a strong background in information security and technology to join our growing Managed Security Service Provider (MSSP) within the Security Operations Center (SOC). As a SOC Analyst, you will play a crucial role as the technical expert who ensures our SIEM platform runs at peak performance and provides actionable security intelligence. This individual will be a key part of our security infrastructure team, working closely with SOC Analysts and IT staff.

You must live in one of these locations to be considered for this remote position: Connecticut, Delaware, Florida, Georgia, Illinois, Maryland, Massachusetts, New York, South Carolina, North Carolina, Tennessee, Texas, Utah, Virginia, Vermont, DC, Kentucky, Pennsylvania, Ohio or Washington.

Duties/Responsibilities:

  • SIEM Platform Management: Administer and maintain the SIEM platform, ensuring system health, performance, storage, and availability. Perform updates, patching, and backups regularly.
  • Log Source Integration: Coordinate with internal and client teams to onboard new log sources, ensuring accurate and efficient data collection and parsing.
  • Content Development and Optimization: Create, tune, and manage SIEM content including correlation rules, alerts, dashboards, and reports to enhance detection capabilities and reduce false positives.
  • Performance Monitoring and Optimization: Analyze SIEM performance metrics and implement improvements to support scalability and high-speed querying.
  • Documentation and Reporting: Maintain documentation for SIEM architecture, processes, and procedures. Generate reports on system health, performance, and security metrics for management and compliance.
  • Security Incident Response: Conduct in-depth analysis and investigation of security incidents. Collaborate with SOC analysts to escalate and resolve advanced threats.
  • Client Engagement and Advisory: Assess client security needs and recommend tailored solutions aligned with Kraft Kennedy SOC standards. Develop and implement security policies to strengthen client security posture.
  • Collaboration and Support: Provide technical guidance and support to the SOC team. Troubleshoot SIEM-related issues and ensure timely resolution.
  • Continuous Learning and Threat Awareness: Stay current with emerging security trends, technologies, and threats to proactively safeguard client environments.

United States
Job Closed