Senior SOC Analyst

About the roleWe are looking for a Senior SOC Analyst to lead advanced security monitoring, investigation, and response across our cloud, endpoint, network, and edge environments. This role sits at the L2/L3 level and plays a critical part in incident escalation, detection engineering, and strengthening our overall security posture. You will also act as a mentor to junior analysts and collaborate closely with security, cloud, and engineering teams.Key responsibilitiesPerform advanced L2/L3 alert triage and investigations across endpoint, network, cloud, and edge security platformsLead investigations using SIEM tools to validate incidents, reduce noise, and determine impactAnalyze and respond to edge security events including WAF, DDoS, bot activity, and Zero Trust alertsAct as an escalation point for confirmed incidents and support containment and response actionsConduct root cause analysis and threat investigations, identifying attacker behavior and scope of impactDesign, tune, and maintain detection rules and logic across SIEM platformsImprove detection coverage by aligning rules with the MITRE ATT&CK frameworkMentor and guide junior SOC analysts and contribute to skill development across the teamHelp build and maintain investigation playbooks and incident response runbooksCollaborate with SOC leadership, Cloud Security, and DevOps teams to improve security controls and visibilityWhat success looks likeSecurity alerts are accurately triaged with reduced false positives and faster response timesIncidents are thoroughly investigated with clear root cause analysis and actionable remediationDetection coverage improves continuously across cloud, endpoint, and edge environmentsJunior analysts demonstrate stronger investigation and escalation capabilitiesCross-functional teams are supported with clear, timely security insights and recommendationsQualifications5+ years of experience as a SOC Analyst (L2/L3)Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experienceHands-on experience with SIEM platforms (Splunk, Graylog, or similar)Experience performing alert triage, incident investigation, and escalationStrong knowledge of networking protocols (TCP/IP, DNS, HTTP/HTTPS, BGP)Experience analyzing AWS security logs (CloudTrail, CloudWatch, VPC Flow Logs)Experience with container and Kubernetes runtime security (Kubernetes, Amazon EKS)Hands-on experience with Cloudflare security tools (WAF, DDoS, Bot Management, Zero Trust)Strong understanding of IDS/IPS, firewalls, proxies, and DLP technologiesExperience conducting root cause analysis and post-incident reviewsFamiliarity with MITRE ATT&CK framework and NIST incident response standardsExperience developing and tuning SIEM detection rulesKnowledge of scripting or automation (Python, PowerShell, or Bash)Foundational understanding of AI/ML security concepts and LLM-related risksStrong analytical, investigation, and incident handling skillsAbility to communicate technical findings to non-technical stakeholdersRelevant certifications preferred (GCIA, GCIH, CompTIA CySA+, AWS Security Specialty)#J-18808-Ljbffr