Sr. Security Analyst - Security Operations Center (SOC)
Job Description
We are Lennar
Lennar is one of the nation's leading homebuilders, dedicated to making an impact and creating an extraordinary experience for their Homeowners, Communities, and Associates by building quality homes and providing exceptional customer service, giving back to the communities in which we work and live in, and fostering a culture of opportunity and growth for our Associates throughout their career. Lennar has been recognized as a Fortune 500® company and consistently ranked among the top homebuilders in the United States.
About the Role
Join a Company that Empowers You to Build Your Future
Responsibilities
- Lead investigations of complex, high severity security incidents from detection through containment, remediation, and recovery, coordinating across internal teams and the MDR partner.
- Act as the primary escalation point for Tier 3 alerts and incidents and perform root cause analysis with actionable remediation plans.
- Serve as the primary liaison to the MDR provider: validate and triage MDR alerts, ensure alignment on response protocols and escalation procedures, and provide tuning recommendations to improve detection fidelity.
- Develop and maintain incident response playbooks, runbooks, and workflows.
- Analyze threat actor tactics, techniques, and procedures (TTPs) and translate findings into improved defenses and detection content.
- Conduct proactive, hypothesis-driven threat hunts across endpoint, identity, network, and cloud telemetry, leveraging threat intelligence and the MITRE ATT&CK framework to surface threats that evade automated detection.
- Operationalize hunt findings into durable detection logic and response procedures.
- Identify recurring, manual, or manual heavy SOC processes and design automation to reduce analyst effort and accelerate response.
- Build, test, and maintain automated playbooks and response workflows in a SOAR platform (e.g., Torq, Microsoft Sentinel Automation Rules and Logic Apps) for enrichment, triage, containment, and case management.
- Develop, tune, and operationalize detection and correlation rules through automated validation and deployment.
- Measure the impact of automation against SOC performance metrics (MTTD, MTTR, alert volume, false-positive rate) and iterate based on results.
- Partner with Detection Engineering and Security Engineering to integrate tooling, close telemetry gaps, and standardize repeatable response.
- Mentor Tier 1 and Tier 2 analysts, lead knowledge-sharing, and uplevel team investigative tradecraft and tooling proficiency.
- Document incident timelines, findings, and lessons learned.
- Track, analyze, and drive improvement of core SOC performance metrics (MTTD, MTTR, detection coverage, false-positive rate), and use them to prioritize tuning and automation efforts.
- Generate executive-level and technical reports on SOC performance and incidents, and support compliance and audit efforts through accurate record-keeping and evidence handling.
Requirements
- Minimum 5-7 years of experience in a cybersecurity operations role, with at least 3 years in a Tier 2/Tier 3 SOC or escalation capacity.
- CompTIA Security+ or equivalent.
- Proven experience leading incident response triage, investigation, and remediation, including working directly with MDR partners.
- In-depth knowledge of security tools and technologies, including SIEM/SOAR platforms (e.g., Microsoft Sentinel), endpoint detection and response solutions (e.g., Microsoft Defender XDR, Palo Alto Cortex XDR), and ticketing systems (e.g., ServiceNow).
- Demonstrated ability to author and tune detection content (e.g., KQL in Sentinel/Defender) and operationalize it into production.
- Experience analyzing cloud security telemetry (e.g., Azure/Entra sign-in logs, AWS CloudTrail).
- Hands-on experience building or maintaining automated playbooks and response workflows in a SOAR platform.
- Strong understanding of network security concepts, operating systems, and malware analysis techniques.
- Familiarity with the MITRE ATT&CK framework and threat intelligence platforms.
- Excellent analytical, problem-solving, and communication skills, with the ability to work under pressure and manage multiple priorities.
Preferred
- Certifications such as CISSP, GCIA, GCIH, GCFA, CySA+, eJPT/PJPT, CEH, SC-200.
- Scripting and automation skills (Python, PowerShell) for tooling, enrichment, and analysis.
- Experience supporting an EDR platform migration (e.g., Cortex XDR to Microsoft Defender XDR).
- Experience with or strong interest in AI-assisted triage and agentic SOC tooling to augment analyst workflows.
- Broader cloud security experience across AWS, Azure, and OCI.
- Experience with Microsoft Sentinel, Proofpoint, and Palo Alto Cortex XDR.
Work Environment
Mandatory 4-days onsite; 1-days remote.
On-call rotation may be required for critical incident response.
Collaborative team environment with opportunities for growth and specialization.
Pay
N/A
Schedule
N/A
Benefits
Visit Lennartotalrewards.com to view our suite of benefits.
Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.