Cybersecurity SOC Analyst II
CHAOS Industries · El Segundo, CA · 6 days ago
On-siteInformation TechnologyFull-time
Responsibilities
- Security Monitoring & Incident Response
- Monitor and triage security alerts and events across enterprise systems, endpoints, cloud platforms, and networks
- Investigate suspicious activity, indicators of compromise, phishing attempts, malware detections, and unauthorized access attempts
- Escalate validated security incidents to senior analysts or engineering teams as appropriate
- Support containment, remediation, and recovery activities during cybersecurity incidents
- Absorb and document root cause analysis
Security Operations & Tool Administration
- Support administration and monitoring of cybersecurity platforms including:
- Microsoft GCC High
- Crowdstrike and other EDR/XDRs
- PIM/PAM Tools
- Variety SIEMs
- Azure Sentinel
- Maintain endpoint detection and response (EDR/XDR) alerts and telemetry
- Assist with tuning alerting rules and reducing false positives
- Support vulnerability management and remediation tracking activities
- Help maintain endpoint, identity, and cloud security configurations
Threat Detection & Analysis
- Review logs and security telemetry from SIEM, endpoint, network, and cloud security platforms
- Identify anomalous or malicious behavior patterns
- Assist with development and improvement of detection rules, playbooks, and response procedures
- Participate in threat hunting and proactive security monitoring initiatives
Compliance & Documentation
- Support cybersecurity compliance initiatives including CMMC, NIST 800-171, and DFARS requirements
- Maintain accurate incident records, investigation notes, and operational documentation
- Absorb audit preparation, evidence collection, and remediation tracking
- Follow established security procedures and escalation processes
Security Awareness & Collaboration
- Collaborate with IT, Engineering, and business teams to improve organizational security posture
- Absorb phishing response and user security awareness efforts
- Contribute to continuous improvement of SOC processes and operational maturity
Minimum Requirements
- 3–5+ years of experience in cybersecurity, IT support, systems administration, or SOC operations
- Foundational understanding of cybersecurity concepts including networking, endpoint security, identity management, and incident response
- Familiarity with security monitoring and alert triage processes
- Experience working with Managed Security Service Providers (MSSPs)
- Experience or exposure to enterprise security platforms such as:
- Microsoft GCC High
- Crowdstrike and other EDR/XDRs
- App Allow/Block-listing tools
- PIM/PAM Tools
- Variety SIEMs
- Azure Sentinel
- Strong understanding of Windows, Linux, macOS, and cloud-based environments
- Basic understanding of SIEM, EDR/XDR, phishing analysis, and log analysis
- Strong analytical, troubleshooting, and problem-solving skills
- Excellent written and verbal communication skills
- Ability to prioritize and manage multiple tasks in a fast-paced environment
- Must be a U.S. Citizen eligible for government facilities and sensitive information
- Ability to obtain additional security clearances as required by contract
Preferred Requirements
- Active Security Clearance
- Experience supporting defense, aerospace, government contracting, or regulated technology environments
- Familiarity with Microsoft GCC High environments
- Familiarity with using AI and LLM tools within the SOC
- Familiarity with monitoring AI and LLM tools
- Exposure to compliance frameworks such as NIST 800-171, CMMC, CIS Controls, or ISO 27001
- Experience with scripting or automation using PowerShell, Python, or Bash
- Familiarity with digital forensic process and chain of custody
- Knowledge of MITRE ATT&CK framework and common threat actor techniques
- Security certifications such as Security+, CySA+, SC-900, Network+, or equivalent
- Experience working in a 24/7 or operational security environment preferred