Sr. SOC Analyst

Job Title: Sr. SOC AnalystDuration: 12+ Months (Possible extension)Location: New York, NY 10286Onsite Role (4 days a week)Responsibilities:24/7/365 supportThe analyst triages alerts that come into the dashboards, review and escalate, and drive to closureMay triage a couple hundred alerts per month (1 every 30 minutes is baseline expectations)Will lead incident triage, coordinate response efforts across teams, and mentor analysts to continuously improve detection, response, and recovery capabilities.Will leverage SIEM, EDR, and SOAR tooling to investigate complex threats, reduce dwell time, and strengthen operational resilience for mission-critical services.Lead triage and investigation of security alerts, escalating and coordinating incident response as needed.Perform root cause analysis, scope affected assets, and drive containment, eradication, and recovery.Correlate events across SIEM, EDR, IDS/IPS, firewalls, cloud logs, and identity platforms to identify true positives and reduce false positives.Develop, refine, and maintain SOC playbooks, runbooks, and detection logic aligned to the MITRE Telecommunication&CK framework.Mentor junior analysts and provide guidance on investigation techniques, documentation standards, and operational best practices.Coordinate with Threat Intelligence to enrich investigations, track adversary TTPs, and proactively hunt for indicators of compromise.Partner with Engineering teams to tune detections, improve log fidelity, and strengthen preventive controls.Create clear, actionable incident reports and executive summaries; contribute to metrics and trend analysis.Support purple team exercises and post-incident reviews to capture lessons learned and drive continuous improvement.Ensure adherence to regulatory and security policies; maintain audit-ready documentation for investigations and incidents.Education/Experience:5–8+ years of experience in a SOC, incident response, or threat detection role, including Tier 2/3 investigations.Advanced proficiency with SIEM (e.g., Splunk, QRadar, Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender), and SOAR platforms.Strong knowledge of network security, Windows/Linux, identity systems, and common cloud logging sources.Ability to manipulate data within Splunk is preferred.Hands-on experience with the MITRE Telecommunication&CK framework, threat hunting, IOC/IOA development, and detection tuning.Demonstrated ability to lead complex incidents, coordinate stakeholders, and communicate clearly under time pressure.Scripting or automation experience (e.g., Python, PowerShell) for investigation of enrichment and workflow improvements.Familiarity with NIST CSF/800-61, CIS Controls, and common regulatory requirements impacting incident response.Excellent documentation skills and an evidence-driven approach to investigations.Preferred:Relevant certifications: GCIA, GCED, GCIH, GCFA, GNFA, CISSP, CCSP, or equivalent experience.Experience with ticketing and case management systems (e.g., ServiceNow) and knowledge management practices.Prior experience with threat Client platforms, sandboxing tools, and malware triage is a plus.Experience with NIST or FedRAMP is a plus but not required