Sr SOC Analyst
Legends Global · West Conshohocken, PA · 2 wk ago
Information TechnologyFull-time
About the role
The Senior SOC Analyst is responsible for detection, triage, and response operations across our enterprise. This role blends hands-on incident handling with detection engineering, playbook development, and response automation efforts.
Responsibilities
- Build and operationalize SOC playbooks and escalation workflows.
- Lead alert triage, enrichment, and false-positive suppression.
- Author detection requirements; write and tune SIEM rules.
- Develop hunt hypotheses; lead hunt programs using advanced elements and signals intelligence.
- Design detection strategies across the kill chain; drive enterprise detection strategy.
- Execute incidents end-to-end: containment/eradication, documentation, and communication.
- Conduct post-incident reviews and drive remediation and control improvements.
- Encourage industry collaboration; embed resilient detection engineering practices.
- Advocate and implement automation-first incident response.
Requirements
- Proven experience in a SOC or equivalent detection & response function and is passionate about high-fidelity detections, repeatable playbooks, and measurable outcomes.
- 3-5 years in Security Operations, Detection & Response, or Incident Handling (SOC experience required).
- Hands-on experience with SIEM (e.g., SecOps, Sentinel, QRadar), EDR (e.g., CrowdStrike, Defender, SentinelOne), and SOAR platforms.
- Proficient in authoring detections, rule tuning, enrichment pipelines, and alert routing.
- Demonstrated capability in building and executing IR playbooks and containment/eradication plans.
- Experience conducting post-incident reviews and RCAs, and delivering corrective action plans to engineering teams.
- Scripting skills (Python/PowerShell/Bash) for automation, enrichment, and data wrangling.
- Excellent written communication for case documentation and executive-ready incident summaries.
Qualifications
- Education and/or Experience: Proven experience in a SOC or equivalent detection & response function and is passionate about high-fidelity detections, repeatable playbooks, and measurable outcomes. 3-5 years in Security Operations, Detection & Response, or Incident Handling (SOC experience required).
- Skills: Hands-on experience with SIEM (e.g., SecOps, Sentinel, QRadar), EDR (e.g., CrowdStrike, Defender, SentinelOne), and SOAR platforms. Proficient in authoring detections, rule tuning, enrichment pipelines, and alert routing. Demonstrated capability in building and executing IR playbooks and containment/eradication plans. Scripting skills (Python/PowerShell/Bash) for automation, enrichment, and data wrangling. Excellent written communication for case documentation and executive-ready incident summaries.
Benefits
- Competitive salary, commensurate with experience, and a generous benefits package that includes medical, dental, vision, life and disability insurance, paid vacation, and 401k plan.