Senior Security Operations Center (SOC) Analyst
Role details
Job location
Tech stack
Job description
As a Senior Security Operations Center (SOC) Analyst, you'll take the lead on investigating and mitigating security incidents across the organization. You'll dig into digital evidence, guide teammates through complex problems, and help strengthen our overall detection and response capabilities. In this role, you'll handle hands-on technical work like forensics and incident analysis, while also supporting the team by sharing knowledge, improving processes, and helping shape how we respond to threats., As a Senior Security Operations Center (SOC) Analyst, you'll take the lead on investigating and mitigating security incidents across the organization. You'll dig into digital evidence, guide teammates through complex problems, and help strengthen our overall detection and response capabilities. In this role, you'll handle hands-on technical work like forensics and incident analysis, while also supporting the team by sharing knowledge, improving processes, and helping shape how we respond to threats. Additionally, 40% of this role will be focused around DLP and insider risk initiatives, which include incident analysis and process building in this space., * Incident Analysis & Handling: Triage alerts, investigate suspicious activity, lead incident response steps, and coordinate containment and recovery efforts.
- Data Collection & Normalization: Make sure logs and security data are gathered correctly, cleaned up, and organized so the team can analyze them effectively.
- Digital Forensics: Examine systems, files, logs, and network data to understand what happened during security events.
- Mentoring & Training: Help newer analysts grow by sharing your experience, offering guidance, and running training sessions when needed.
- Technical / Process Guidance: Assist team members with technical questions, tool usage, investigation methods, and established response workflows.
- Shift Leadership: Act as the point person during your shift: manage workload, oversee investigations, ensure smooth handoffs, and support teammates. Participate in a rotating on-call schedule as required.
- Innovation: Look for opportunities to improve processes, recommend new tools or automations, and help refine how the team operates.
Here is What You Can Expect on a Typical Day:
- Reviewing alerts and logs to identify potential threats or unusual activity.
- Leading or assisting with active investigations and driving them toward containment and resolution.
- Running forensic analysis on hosts, cloud workloads, or network artifacts to uncover root causes and timelines.
- Collaborating with IT, cloud, engineering, or other security teams to gather data or take action on investigations.
- Sharing insights with teammates, helping them troubleshoot difficult cases, or walking them through an investigation technique.
- Updating documentation, writing reports, or summarizing incident findings.
- Teaching something new to the team-maybe a tool trick, a technique, or a better approach to analysis.
- Handling shift responsibilities like queue management, monitoring ongoing investigations, and tracking priorities.
- Identifying process gaps or tools that could be improved and proposing better ways to do things.
- Perform other tasks required by management as needed
Requirements
-
Bachelor of Computer Science, Engineering, Information Security, Information Technology, or 4+ years of equivalent experience.
-
3+ years of enterprise level incident handling
-
Ability to partner with enterprise teams within a cybersecurity context, leveraging diverse ideas, experiences, thoughts, and perspectives to improve the organization.
-
Effective oral and written communication skills with experience in cybersecurity technical process documentation.
-
Demonstrated cyber defense and information security passion, including commitment to maintaining technical proficiency
-
Proven record of thought leadership via innovation and non-traditional solutions
-
Fundamental understanding of IT Security practices/programs/tooling, with demonstrated examples of driving initiatives forwards.
Preferred qualifications:
- Advanced cybersecurity certifications (e.g., GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, GPEN, OSCP, etc.)
- Cloud (AWS, Azure, GCP, etc.) certifications
- Proficiency in scripting and high-level programming languages (Python, PowerShell, bash, etc.)
- Functional knowledge of SIEM, SOAR, malware sandboxing solutions and related tools
Benefits & conditions
We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote friendly culture, and all our employee's work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company policies.
Base Salary Range $105,000.00 - $133,000.00
At Zelis we are committed to providing fair and equitable compensation packages. The base salary range allows us to make an offer that considers multiple individualized factors, including experience, education, qualifications, as well as job-related and industry-related knowledge and skills, etc. Base pay is just one part of our Total Rewards package, which may also include discretionary bonus plans, commissions, or other incentives depending on the role.
Zelis' full-time associates are eligible for a highly competitive benefits package as well, which demonstrates our commitment to our employees' health, well-being, and financial protection. The US-based benefits include a 401k plan with employer match, flexible paid time off, holidays, parental leaves, life and disability insurance, and health benefits including medical, dental, vision, and prescription drug coverage.
