Security Operations Analyst II
About the role
The IT Team is seeking a Security Operations Analyst II to lead in-depth investigations and incident response to escalated events and be involved in security-based projects as well as manage security solutions/systems.
Responsibilities
- Lead investigations for escalated incidents such as account compromises, endpoint malware, suspicious network activity, and SaaS misuse.
- Correlate data across SIEM/XDR, identity/SSO, endpoint/EDR, network, and cloud/SaaS logs to build attack timelines, identify entry vectors, and assess lateral movement.
- Coordinate containment and remediation with Infrastructure/IT—disabling or recovering compromised accounts, isolating infected endpoints and removing malware, validating EDR coverage and system integrity, and confirming cleanup success.
- Produce clear, audit-ready incident documentation detailing scope, evidence, actions, timelines, decisions, and resolution rationale.
- Act as an escalation point for the Service Desk and junior analysts, provide real-time guidance, and apply chain-of-custody and evidence-preservation practices for high-severity events, maintaining case files with hashes, screenshots, and IOC/IOA sets.
- Tune and improve detections, automate repetitive workflows, and drive incident response improvements.
- Refine existing rules and propose new use cases based on investigations and recurring patterns; enrich cases with threat intelligence (IOCs and TTPs) and incorporate those learnings into future detections and playbooks.
- Contribute and evolve response playbooks for major incident types (account compromise, endpoint malware, SaaS abuse, suspicious network activity), participate in post-incident reviews with root-cause analyses and practitioner-level technical narratives, and recommend prioritized, practical prevention and mitigation improvements.
- Conduct targeted threat hunts (e.g., OAuth abuse, living-off-the-land binaries, credential-stuffing against legacy protocols), define and track alert-quality KPIs (true/false positive ratios, suppression coverage), and collaborate to improve MTTD/MTTR.
Requirements
- Bachelor’s Degree in the field of Computer Science, technology, or a related area with a master’s degree preferred.
- 2–5 years in Security Operations or Infrastructure/IT Operations with a security focus.
- 2+ years Windows/sysadmin experience; macOS/Linux a plus.
- 2+ years core networking (IP, DNS, ports, VPN, firewalls).
- Hands-on experience with SIEM/XDR, EDR, identity/SSO, and cloud/SaaS logs.
- Able to read Windows event logs, perform basic endpoint triage, and apply MITRE ATT&CK for triage.
- Strong written/verbal communication and incident leadership skills.
- CompTIA Security+ required and other security certifications preferred.
Qualifications
- Experience with SIEM/XDR, EDR, identity/SSO, and cloud/SaaS logs.
- Ability to correlate data across multiple log sources.
- Experience with incident response and containment.
- Knowledge of MITRE ATT&CK framework.
- Strong communication and leadership skills.
Skills
- SIEM/XDR, EDR, identity/SSO, and cloud/SaaS logs.
- MITRE ATT&CK framework.
- Incident response and containment.
- Threat hunting and analysis.
- Communication and leadership skills.
Benefits
We offer a variety of benefits that take compensation well beyond a paycheck. This includes traditional benefits and benefits you might not expect or know about. The salary range provided is based on a number of factors, including location, job-related skills, experience, and qualifications. Compensation Pay Range: $105,000.00 to $135,000.00 per yearDiscretionary Annual Bonus Plan Benefits & Perks Medical; Vision; Dental:100% Company-paid plans (including eligible dependents) and affordable buy-up optionsLife Insurance; Accidental Death & Dismemberment Insurance; Long Term DisabilityBehavioral Health Program Accessible 24/7Tax-Free Flexible Spending Accounts401(K) Retirement Plan with Employer MatchingRecognition & Rewards Program (Torch)Vacation: 10 days per year with accrual increase overtimeAnniversary Vacation: 40-hour Vacation Granted at Tenured MilestonesSick Leave: 9 days per year12 paid holidays, including your birthday!Paid Volunteer TimeTenure-based Housing discountsEducational Assistance, Tuition ReimbursementReferral BonusHybrid Work Schedule