Jobs · Information Technology · California

Security Operations Analyst (mid level)

Saronic Technologies · San Diego, CA · 4 days ago
On-siteInformation TechnologyFull-time

Responsibilities

  • Monitor and triage security alerts across endpoint, cloud, identity, network, and SaaS telemetry using enterprise SIEM and XDR platforms
  • Perform in-depth alert investigation and root cause analysis, documenting findings with clear, structured timelines and impact assessments
  • Tune detections to reduce false positive noise and improve signal fidelity; contribute to detection-as-code pipelines using structured query languages
  • Operate across multiple detection and visibility platforms as part of a maturing, layered security monitoring ecosystem
  • Lead initial incident response for mid-tier events: contain, eradicate, and recover across endpoint, cloud, and identity domains
  • Participate in the on-call incident rotation and effectively communicate status and findings to the SecOps Lead and relevant stakeholders
  • Conduct post-incident reviews, identifying gaps in detection, response, and containment and translating them into actionable improvements
  • Cook up with Security Engineering and IT during active incidents to accelerate response and reduce dwell time

Qualifications

  • 3+ years of hands-on experience in a Security Operations, detection engineering, or incident response role
  • Demonstrated experience triaging and investigating alerts across at least two of the following: endpoint, cloud, identity, network, or SaaS environments
  • Hands-on proficiency with enterprise SIEM platforms and their query languages; ability to write and iterate on detection logic from scratch
  • Experience with EDR tooling in an operational context; ability to hunt, triage, and respond using endpoint telemetry
  • Solid understanding of attacker TTPs mapped to MITRE ATT&CK, and the ability to apply that knowledge during active investigations
  • Experience writing or iterating on detection logic, response playbooks, or SOC operational documentation
  • Scripting proficiency in Python, PowerShell, or Bash for alert enrichment, automation, or triage support
  • Strong understanding of network fundamentals: TCP/IP, DNS, HTTP/S, firewall and proxy logs, and lateral movement patterns
  • Clear and structured written and verbal communication — you can brief a non-technical stakeholder and write a thorough incident report
  • Ownership mindset: you follow incidents through to closure and flag what needs to be fixed, not just what needs to be documented

Similar jobs