
Security Operations Analyst I

Zpac | Carmel Valley, CA | May 11th, 2026
At Zotec Partners, our People make it happen. Transforming the healthcare industry isn’t easy. But when you build a team like the one we have, that goal can become a reality. Our accomplishments can’t happen without our extraordinary people – the men and women across the country who make up our diverse Zotec family and help make this company a best place to work.

Over 25 years ago, we started Zotec with a clear vision: to partner with physicians to simplify the business of healthcare. Today we are more than 900 employees strong and we continue to use our incredible talent and energy to bring that vision to life. We are a team of Innovators, Collaborators and Doers.

We’re seeking a Security Operations Analyst I to join us.

The Security Operations Analyst I serves as an entry-level member of the Security Operations Center (SOC), responsible for performing initial investigations of detections surfaced by Splunk Enterprise Security, CrowdStrike, and Abnormal AI. This role focuses on developing foundational monitoring, triage, and documentation skills under the guidance of senior analysts. The Analyst I plays a critical role in ensuring detections are accurately categorized, documented, and escalated in accordance with established runbooks and SOC procedures. Shift handoff dashboards produced by the Analyst I are reviewed by the Analyst II prior to escalation or distribution.

What You'll Do

Security Monitoring & Investigation
- Monitor and triage detections from Splunk Enterprise Security, CrowdStrike, and Abnormal AI
- Execute basic Splunk SPL searches to investigate alerts and retrieve relevant log data
- Read and interpret existing Splunk dashboards to support monitoring and shift situational awareness
- Perform initial investigation of alerts to determine whether a detection represents a Security Event requiring escalation
- Document investigation findings accurately and completely in ClickUp per established case management procedures
- Follow established runbooks for standard detection types and escalation criteria
- Escalate confirmed or suspected Security Events to the Analyst II per defined procedures
- Enrich indicators of compromise (IOCs) using tools such as VirusTotal and AbuseIPDB to support investigation context
- Maintain awareness of current threats and indicators of compromise relevant to the organization’s environment

Phishing Investigation
- Perform initial triage of phishing submissions and Abnormal AI-surfaced email threats
- Review reported emails in the Abnormal console and Splunk to assess malicious indicators
- Document phishing investigation findings in ClickUp and escalate confirmed threats to the Analyst II
- Follow established phishing response runbooks, including initial containment actions within authorized scope

Endpoint & Access Monitoring
- Monitor CrowdStrike detections and alerts for endpoint threats; document findings and escalate per runbook
- Review Netskope alerts for anomalous web or cloud access activity and escalate as appropriate
- Review CyberArk PAM-sourced events in Splunk for basic privileged account anomalies per defined criteria

SOAR & Automation
- Execute existing Splunk SOAR playbooks as directed to support investigation and response workflows (in implementation)
- Document playbook execution results in ClickUp and flag any unexpected outputs to the Analyst II

Reporting & Shift Handoff
- Produce accurate shift handoff notes and alert summary dashboards in Splunk for Analyst II review
- Contribute to daily SOC reporting by ensuring case notes and investigation status are current in ClickUp
- Identify and communicate false positive patterns to senior analysts to support detection quality improvement

Process & Documentation
- Follow all SOC runbooks, standard operating procedures, and escalation workflows
- Contribute to the knowledge base by documenting novel investigation findings or patterns
- Participate in team meetings, training sessions, and incident response drills

Note: File integrity monitoring and data loss prevention alerting will be onboarded as monitoring sources in a future phase; SOC Analyst I responsibilities will be updated accordingly.

What You'll Bring To Zotec
- 0–2 years of experience in information security, IT operations, or a related field
- Knowledge of:
  - Foundational security concepts, including common attack types and threat categories
  - Network protocols and basic infrastructure concepts
  - Windows and Linux operating system fundamentals
  - Log analysis and basic security event correlation
- Familiarity with:
  - SIEM platforms and security monitoring tools
  - EDR/XDR solutions
  - IDS/IPS systems
  - Standard incident response procedures

Preferred
- Security certifications such as:
  - CompTIA Security+
  - HTB CJCA — Certified Junior Cybersecurity Analyst (entry-level SOC, SIEM monitoring, network traffic analysis, log review, intrusion detection)
  - SSCP or GCIA
- Hands-on exposure to Splunk (basic searches, alert review, dashboard navigation)
- Familiarity with the CrowdStrike Falcon console
- Basic scripting exposure (Python, PowerShell, or Bash)
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience

At Zotec, you will enjoy a network of highly experienced professionals in an environment where you can operate with autonomy yet have the resources and backing of other professionals in a similar role. Entrepreneurial and enterprising is the spirit of our team. If you are an original thinker and opportunity seeker, we'd like to talk to you!

Learn more about our organization by visiting us at www.zotecpartners.com

E-Verify and Equal Opportunity Employer