SOC Operations Analyst

HNM Solutions
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Tech stack

Amazon Web Services (AWS)
Data analysis
Azure
Cloud Computing
Cloud Computing Security
Computer Security
Data Validation
Information Engineering
Identity and Access Management
Python
Knowledge Management
Parsing
Power BI
Kusto Query Language
Security Information and Event Management
SQL Databases
Data Logging
MITRE ATT&CK
MTTR
Pandas
Splunk

Job description

We are seeking a mid-senior SOC Operations Analyst (Contractor) to strengthen day-to-day Security Operations, bring new services/log sources into a SOC-ready operational state, and generate data-driven insights from our datalake to improve detection quality, coverage, and analyst efficiency.

This is not a detection engineering role; however, the contractor will use an understanding of detection logic to negotiate detection requirements with Detection Engineering and ensure outputs are practical and actionable.

Operational Readiness & Onboarding

  • Lead the end-to-end acceptance for SOC of new detections and new security capabilities, from deployment to steady-state SOC monitoring.
  • Validate ingestion, parsing, field mapping, dashboards, health checks, and alert routing.
  • Define operational acceptance criteria and ensure readiness before 24/7 handover.

Security Monitoring & Incident Handling

  • Perform triage, investigation, and escalation across Splunk ES, AWS, and Azure.
  • Maintain high-quality investigation notes and case documentation.
  • Identify operational gaps and telemetry blind spots and work cross-functionally to resolve.

Collaboration with Detection Engineering (Non-Engineering)

  • Use detection knowledge to articulate SOC requirements, negotiate thresholds/enrichment, and validate detections are actionable and aligned to SOC workflows and severity models.

Documentation & Knowledge Management

  • Author and maintain SOPs, playbooks, onboarding guides, data source documentation, and cloud investigation playbooks (versioned, audit-ready, L1/L2 friendly).

Cloud Security Operational Support

  • Validate cloud log coverage and investigate alerts across:
      • AWS (CloudTrail, GuardDuty, IAM, VPC Flow)
      • Azure (Defender, Entra ID, Sentinel logs)
  • Recommend improvements to cloud visibility and operational workflows.

Automation & Workflow Efficiency

  • Use Python for light automation, enrichment, and data validation; collaborate with SOAR/automation owners.

Data Analysis & Trend Insights

  • Query the datalake and SIEM data to produce operational trends and insights:
      • Alert volume & false positive trends by use case/source
      • Ingestion health (gaps, latency, field completeness, mapping coverage)
      • Detection coverage vs. MITRE ATT&CK and priority threats
      • MTTR/MTTI, escalation rates, case aging, workload distribution
      • Cloud telemetry coverage and identity/privilege risk signals
  • Build lightweight dashboards (e.g., Power BI, Splunk dashboards) to support leadership reviews and continuous improvement.
  • Translate findings into clear recommendations (retire noisy detections, tune, add enrichment, onboard a source, adjust workflow).
  • Apply privacy/GDPR awareness in all analytics (minimize PII, purpose limitation, appropriate retention).

Requirements

Do you have experience in Splunk?

The role requires strong Splunk ES experience, proven operational discipline, hands-on data analysis skills (Splunk/KQL/Python), AWS/Azure familiarity, and excellent documentation.

  • 5+ years hands-on SOC operations in a production environment.

  • Demonstrated ability to bring services/log sources from concept to SOC operational readiness and steady state.
  • Strong proficiency with Splunk Enterprise Security (notables, triage workflows, dashboards, RBA concepts).
  • Operational experience with AWS and Azure logging and investigations.
  • Solid understanding of detection logic to collaborate with Detection Engineering (no rule authoring required).
  • Excellent documentation skills (SOPs, playbooks, onboarding packages).

Data Analysis Skills

  • Proficient with SQL and Python (pandas) for querying, aggregations, and trend analysis.
  • Comfortable reading logs, schemas, and data models; basic joins, time series analysis, and KPI creation.
  • Ability to turn data into clear visuals and concise recommendations (Power BI/Splunk dashboards).
  • Familiarity with data engineering concepts will be a plus (parsing, normalization, lineage, ingestion health) to support operational validation.
  • Strong communication and stakeholder management; able to present insights to SOC leadership and negotiate with engineering teams.
  • Privacy-first mindset (PII minimization, role-based access, auditability).
