REGISTRIEREN

Jobbörse

Finde Jobs in deiner Nähe – ob vor Ort, hybrid oder remote.
  • Ähnliche Jobs zu: Sr. Security Analyst - Security Operations Center (SOC)
XX
Sr. Security Analyst - Security Operations Center (SOC)LennarUnited States
Jetzt Bewerben
XX

Sr. Security Analyst - Security Operations Center (SOC)

Lennar
  • US
    United States
  • US
    United States
Jetzt Bewerben

Über

Senior SOC Analyst
We are seeking a highly skilled and experienced Senior SOC Analyst to join our cybersecurity team. This role is critical in leading advanced incident response efforts, managing escalations from cross functional teams and working closely with our MDR partner to ensure rapid detection, containment, and remediation of security threats. The ideal candidate will have deep technical expertise, strong analytical skills, and a proactive mindset toward incident response and continuous improvement. Your Responsibilities on the Team Lead investigations of complex, high severity security incidents from detection through containment, remediation, and recovery, coordinating across internal teams and the MDR partner. Act as the primary escalation point for Tier 3 alerts and incidents and perform root cause analysis with actionable remediation plans. Serve as the primary liaison to the MDR provider: validate and triage MDR alerts, ensure alignment on response protocols and escalation procedures, and provide tuning recommendations to improve detection fidelity. Develop and maintain incident response playbooks, runbooks, and workflows. Analyze threat actor tactics, techniques, and procedures (TTPs) and translate findings into improved defenses and detection content. Conduct proactive, hypothesis-driven threat hunts across endpoint, identity, network, and cloud telemetry, leveraging threat intelligence and the MITRE ATT&CK framework to surface threats that evade automated detection. Operationalize hunt findings into durable detection logic and response procedures. Identify recurring, manual, or manual heavy SOC processes and design automation to reduce analyst effort and accelerate response. Build, test, and maintain automated playbooks and response workflows in a SOAR platform (e.g., Torq, Microsoft Sentinel Automation Rules and Logic Apps) for enrichment, triage, containment, and case management. Develop, tune, and operationalize detection and correlation rules through automated validation and deployment. Measure the impact of automation against SOC performance metrics (MTTD, MTTR, alert volume, false-positive rate) and iterate based on results. Partner with Detection Engineering and Security Engineering to integrate tooling, close telemetry gaps, and standardize repeatable response. Monitor and analyze logs and alerts across SIEM, EDR, identity, and cloud platforms. Correlate data across multiple sources to identify patterns, anomalies, and emerging threats. Maintain situational awareness of the external threat landscape and internal security posture. Mentor Tier 1 and Tier 2 analysts, lead knowledge-sharing, and uplevel team investigative tradecraft and tooling proficiency. Document incident timelines, findings, and lessons learned. Track, analyze, and drive improvement of core SOC performance metrics (MTTD, MTTR, detection coverage, false-positive rate), and use them to prioritize tuning and automation efforts. Generate executive-level and technical reports on SOC performance and incidents, and support compliance and audit efforts through accurate record-keeping and evidence handling. Requirements Minimum 5-7 years of experience in a cybersecurity operations role, with at least 3 years in a Tier 2/Tier 3 SOC or escalation capacity. CompTIA Security+ or equivalent. Proven experience leading incident response triage, investigation, and remediation, including working directly with MDR partners. In-depth knowledge of security tools and technologies, including SIEM/SOAR platforms (e.g., Microsoft Sentinel), endpoint detection and response solutions (e.g., Microsoft Defender XDR, Palo Alto Cortex XDR), and ticketing systems (e.g., ServiceNow). Demonstrated ability to author and tune detection content (e.g., KQL in Sentinel/Defender) and operationalize it into production. Experience analyzing cloud security telemetry (e.g., Azure/Entra sign-in logs, AWS CloudTrail). Hands-on experience building or maintaining automated playbooks and response workflows in a SOAR platform. Strong understanding of network security concepts, operating systems, and malware analysis techniques. Familiarity with the MITRE ATT&CK framework and threat intelligence platforms. Excellent analytical, problem-solving, and communication skills, with the ability to work under pressure and manage multiple priorities. Preferred Certifications such as CISSP, GCIA, GCIH, GCFA, CySA+, eJPT/PJPT, CEH, SC-200. Scripting and automation skills (Python, PowerShell) for tooling, enrichment, and analysis. Experience supporting an EDR platform migration (e.g., Cortex XDR to Microsoft Defender XDR). Experience with or strong interest in AI-assisted triage and agentic SOC tooling to augment analyst workflows. Broader cloud security experience across AWS, Azure, and OCI. Experience with Microsoft Sentinel, Proofpoint, and Palo Alto Cortex XDR. Work Environment Mandatory 4-days onsite; 1-days remote. On-call rotation may be required for critical incident response. Collaborative team environment with opportunities for growth and specialization. This description outlines the basic responsibilities and requirements for the position noted. This is not a comprehensive listing of all job duties of the Associates. Duties, responsibilities and activities may change at any time with or without notice. Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.
  • United States

Sprachkenntnisse

  • English
Hinweis für Nutzer

Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.