Job Description
We are seeking a
SOC Analyst to support Level 2 security operations and incident response activities in a hybrid environment based in Sandy Springs, GA. This role requires strong technical experience across SIEM tools (with preference for Google SecOps/Chronicle), threat detection, incident handling, and infrastructure security monitoring. You will be responsible for triaging security events, enhancing detection capabilities, and supporting a secure enterprise environment in collaboration with engineering and compliance teams. Key Responsibilities - Monitor, triage, and analyze security alerts from various sources including SIEM, IDS/IPS, EDR, and firewalls.
- Provide Level 2 incident response support during business hours (8x5 EST), including identification, containment, and remediation of security threats.
- Investigate suspicious activity across on-prem and cloud environments (AWS, Azure, GCP).
- Utilize Google SecOps (Chronicle) and other SIEM platforms for log analysis, threat hunting, and correlation.
- Apply the MITRE ATT&CK framework and cyber kill chain methodology to improve threat detection.
- Collaborate with Tier 3 analysts and threat intelligence teams to escalate and resolve complex incidents.
- Develop and maintain playbooks, detection rules, and automation scripts (Python, PowerShell, Bash).
- Participate in red/blue/purple team exercises and contribute to continuous security posture improvements.
- Support compliance initiatives related to HIPAA, PCI-DSS, GDPR, and internal security standards.
- Communicate clearly and professionally with stakeholders across IT, compliance, and executive teams.
Technical Profile - SIEM Tools: Google SecOps (Chronicle preferred), Splunk, QRadar, LogRhythm, Elastic Stack
- IDS/IPS platforms and EDR solutions like MS Defender, CrowdStrike
- Network and endpoint monitoring, malware analysis, and packet inspection tools (Wireshark, tcpdump)
- Familiarity with vulnerability management tools such as Nessus and Qualys
- Understanding of common protocols (TCP/IP, DNS,
- Cloud security across AWS, Azure, and GCP
- Scripting and automation with Python, PowerShell, or Bash
Functional Profile - Hands-on experience in L2 security incident triage and escalation
- Exposure to 24/7 SOC operations or rotational support environments
- Ability to interface across IT, risk, and compliance functions
- Experienced in crisis response and working under pressure
- Curious and motivated to continuously learn and improve detection methods
Skills Summary Core Expertise:
Security Operations Center (SOC), Incident Response, Threat Detection, Security Monitoring
Languages & Frameworks Python, PowerShell, Bash
Reactive & Event-Driven Tools Google SecOps (Chronicle), Splunk, QRadar, LogRhythm, Elastic Stack
Cloud & Containerization AWS, Azure, GCP (cloud security focus)
Other Tools & Technologies Wireshark, tcpdump, Nessus, Qualys, MS Defender, CrowdStrike, MITRE ATT&CK, SIEM, IDS/IPS
Soft Skills Analytical thinking, verbal/written communication, collaboration, crisis management, eagerness to learn
Certifications (Preferred) CompTIA Security+, GCIH, GCIA, GCFA, Certified SOC Analyst (CSA), CEH, CISSP/CISM (a plus)
Job Tags
Contract work,