Security Operations Analyst (mid level)

Saronic Technologies
San Diego, United States of America
6 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

San Diego, United States of America

Tech stack

Amazon Web Services (AWS)
Azure
Bash
Software as a Service
Cloud Computing Security
Computer Security
Continuous Integration
Query Languages
DNS
Hypertext Transfer Protocols (HTTP)
Intrusion Detection and Prevention
Python
Networking Basics
PowerShell
Security Information and Event Management
SQL Databases
TCP/IP
Scripting (Bash/Python/Go/Ruby)
MITRE ATT&CK
Firewalls (Computer Science)
Data Lake

Job description

Detection & Alert Operations

  • Monitor and triage security alerts across endpoint, cloud, identity, network, and SaaS telemetry using enterprise SIEM and XDR platforms
  • Perform in-depth alert investigation and root cause analysis, documenting findings with clear, structured timelines and impact assessments
  • Tune detections to reduce false positive noise and improve signal fidelity; contribute to detection-as-code pipelines using structured query languages
  • Operate across multiple detection and visibility platforms as part of a maturing, layered security monitoring ecosystem

Incident Response & Investigation

  • Lead initial incident response for mid-tier events: contain, eradicate, and recover across endpoint, cloud, and identity domains
  • Participate in the on-call incident rotation and effectively communicate status and findings to the SecOps Lead and relevant stakeholders
  • Conduct post-incident reviews, identifying gaps in detection, response, and containment and translating them into actionable improvements
  • Coordinate with Security Engineering and IT during active incidents to accelerate response and reduce dwell time

SecOps Foundation & Enablement

  • Support the SecOps Lead in developing and refining response playbooks, runbooks, and analyst workflow documentation
  • Conduct targeted threat hunting operations to identify attacker activity not surfaced by automated detections
  • Contribute to SecOps metrics tracking, reporting, and operational readiness reviews
  • Help onboard and mentor junior analysts as the team grows, serving as a technical resource and process guide

Requirements

  • 3+ years of hands-on experience in a Security Operations, detection engineering, or incident response role

  • Demonstrated experience triaging and investigating alerts across at least two of the following: endpoint, cloud, identity, network, or SaaS environments

  • Hands-on proficiency with enterprise SIEM platforms and their query languages; ability to write and iterate on detection logic from scratch

  • Experience with EDR tooling in an operational context; ability to hunt, triage, and respond using endpoint telemetry

  • Solid understanding of attacker TTPs mapped to MITRE ATT&CK, and the ability to apply that knowledge during active investigations

  • Experience writing or iterating on detection logic, response playbooks, or SOC operational documentation

  • Scripting proficiency in Python, PowerShell, or Bash for alert enrichment, automation, or triage support

  • Strong understanding of network fundamentals: TCP/IP, DNS, HTTP/S, firewall and proxy logs, and lateral movement patterns

  • Clear and structured written and verbal communication - you can brief a non-technical stakeholder and write a thorough incident report

  • Ownership mindset: you follow incidents through to closure and flag what needs to be fixed, not just what needs to be documented

  • Security Clearance eligible

  • Experience with XDR platforms and cross-domain correlated detection across endpoint, identity, and cloud

  • Familiarity with cloud-native security operations and log sources in AWS or Azure environments

  • Experience with SOAR platforms or building response automation workflows

  • Exposure to supply chain and CI/CD pipeline security monitoring

  • Familiarity with data lake-based or pipeline-driven detection architectures

  • Experience operating in or supporting classified, GovCloud, or FedRAMP environments

  • Background in defense, aerospace, robotics, or other high-assurance operational environments

  • Familiarity with compliance frameworks such as NIST SP 800-171, NIST SP 800-53, or CMMC

  • Relevant certifications: GIAC GCIH, GCIA, GCFE, BTL1/2, CySA+, OSCP, or equivalent

  • Active security clearance or prior clearance history is a strong differentiator

  • Prolonged periods of sitting at a desk and working on a computer

  • Occasional standing and walking within the office

  • Manual dexterity to operate a computer keyboard, mouse, and other office equipment

  • Visual acuity to read screens, documents, and reports

  • Occasional reaching, bending, or stooping to access file drawers, cabinets, or office supplies

  • Lifting and carrying items up to 20 pounds occasionally (e.g., office supplies, packages)

Benefits & conditions

  • Pet insurance
  • Paid parental leave
  • Food provided
  • Parental leave
  • Health insurance
  • 401(k) matching
  • Paid time off

Medical Insurance: Comprehensive health insurance plans covering a range of services

Saronic pays 100% of the premium for employees and 80% for dependents

Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care

Saronic pays 100% of the premium under the basic plan for employees and 80% for dependents

Time Off: Generous PTO and Holidays

Parental Leave: Paid maternity and paternity leave to support new parents

Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses

Retirement Plan: 401(k) plan with company match

About the company

Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.
