Security Operations Analyst (mid level)
Saronic Technologies · San Diego, CA · 4 days ago
On-siteInformation TechnologyFull-time
Responsibilities
- Monitor and triage security alerts across endpoint, cloud, identity, network, and SaaS telemetry using enterprise SIEM and XDR platforms
- Perform in-depth alert investigation and root cause analysis, documenting findings with clear, structured timelines and impact assessments
- Tune detections to reduce false positive noise and improve signal fidelity; contribute to detection-as-code pipelines using structured query languages
- Operate across multiple detection and visibility platforms as part of a maturing, layered security monitoring ecosystem
- Lead initial incident response for mid-tier events: contain, eradicate, and recover across endpoint, cloud, and identity domains
- Participate in the on-call incident rotation and effectively communicate status and findings to the SecOps Lead and relevant stakeholders
- Conduct post-incident reviews, identifying gaps in detection, response, and containment and translating them into actionable improvements
- Cook up with Security Engineering and IT during active incidents to accelerate response and reduce dwell time
Qualifications
- 3+ years of hands-on experience in a Security Operations, detection engineering, or incident response role
- Demonstrated experience triaging and investigating alerts across at least two of the following: endpoint, cloud, identity, network, or SaaS environments
- Hands-on proficiency with enterprise SIEM platforms and their query languages; ability to write and iterate on detection logic from scratch
- Experience with EDR tooling in an operational context; ability to hunt, triage, and respond using endpoint telemetry
- Solid understanding of attacker TTPs mapped to MITRE ATT&CK, and the ability to apply that knowledge during active investigations
- Experience writing or iterating on detection logic, response playbooks, or SOC operational documentation
- Scripting proficiency in Python, PowerShell, or Bash for alert enrichment, automation, or triage support
- Strong understanding of network fundamentals: TCP/IP, DNS, HTTP/S, firewall and proxy logs, and lateral movement patterns
- Clear and structured written and verbal communication — you can brief a non-technical stakeholder and write a thorough incident report
- Ownership mindset: you follow incidents through to closure and flag what needs to be fixed, not just what needs to be documented