Senior SOC Analyst/Threat Hunter
Lubrizol IMEA · Deer Park, TX · 2 mo ago
Information TechnologyFull-time
About the role
Shape the Future with Us. At Lubrizol, we’re transforming through science, sustainability, and a culture of inclusion. As part of our global team, you’ll be empowered to make a real impact—on your career, your community, and the world around you.
Responsibilities
- Execute defined incident response playbooks to investigate security incidents. This includes clear documentation of incident artifacts and business impacts/concerns.
- Develop new investigation and response playbooks.
- Automate repetitive SOC tasks using Python, PowerShell, and SOAR platforms to improve response time and reduce analyst fatigue.
- Leverage AI/ML-enhanced tools (e.g., SOAR platforms) to improve detection and response efficiency.
- Integrate MITRE ATT&CK and behavioral analytics into threat detection workflows.
- Conduct hypothesis-driven threat hunts using structured methodologies.
- Collaborate with threat intelligence platforms (e.g., MISP, Recorded Future) to enrich investigations.
- Design and execute proactive, hypothesis-based threat hunts across endpoints, networks, and cloud environments using behavioral indicators and threat models.
- Participate in the development and continual refinement of security group operating practices/processes.
- Provide training on tools and team processes for new analysts, Co-Ops, and Interns.
- Participates in definition of security policies, procedures, and standards. Implements, enhances, and execute security policies, procedures, and standards.
- Serve on projects and initiatives as a subject matter expert and technical advisor as assigned.
- Other information security activities as needed.
Requirements
- Bachelor’s degree in cybersecurity, or computer science or a related field with an equivalent combination of education and experience in cybersecurity
- 2 or more industry recognized cybersecurity certification (MAD, GSOC, GCIH, CEH, etc.)
- Minimum of 7 years’ experience in cybersecurity roles
- 4+ years working in a hands-on technical IT support role with strong understanding of networking, operating systems, and Microsoft Active Directory.
- Excellent analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
- Strong written and verbal skills.
- Familiarity with MITRE ATT&CK, Sigma rules, and YARA for threat detection.
- Experience with XQL, KQL, or other query languages for large-scale data analysis
- Ability to build relationships and work in a collaborative, matrix-driven, global environment.
- Strong IT process discipline
- Sound decision making, proactive/creative problem solving and strategic thinking skills.
- Must be a self-starter, able to manage multiple priorities and meet deadlines while providing quality customer service to internal and external stakeholders.
- Knowledge and experience with security access administration systems and processes
- Knowledge and experience with Windows operating systems and Microsoft Active Directory
- Familiarity with industry standards and frameworks (e.g. NIST, CIS Critical Security Controls, SANS, etc.)
Qualifications
- Programming skills necessary to build and maintain interfaces between security tools or automate security processes.
- Experience with AI/ML-based threat detection and automated playbook development.
- Familiarity with threat modeling frameworks and adversary emulation.
- Exposure to OT/ICS environments
- Threat Hunting experience and familiarity with Threat intelligence programs (Recorded Future, Threat Grid, etc.)
- Experience supporting full vendor stack security applications such as SIEM (Cortex/XSIAM), IDS/IPS, endpoint protection, and vulnerability scanners experience
- Project management skills to handle multiple concurrent assignments in a timely manner.
Skills
- MITRE ATT&CK
- Sigma rules
- YARA
- XQL
- KQL
- Python
- PowerShell
- SOAR platforms
- Windows operating systems
- Microsoft Active Directory
- MITRE ATT&CK, Sigma rules, YARA for threat detection
- Security access administration systems and processes
- SIEM (Cortex/XSIAM)
- IDS/IPS
- Endpoint protection
- Vulnerability scanners
- Project management
Benefits
- Competitive salary with performance-based bonus plans
- 401(k) match + Age-Weighted Defined Contribution
- Comprehensive medical, dental & vision coverage
- Health Savings Account (HSA)
- Paid holidays, vacation, and parental leave
- Flexible work environment
- Learning and development opportunities
- Career and professional growth
- Inclusive culture and vibrant community engagement