SOC Analyst /Incident Responder

ABOUT BLACK KITE

Black Kite is the global leader in third-party cyber risk intelligence, trusted by more than 3,000 organizations worldwide. We give security and business leaders a continuous, outside-in view of their entire vendor ecosystem — translating complex cyber, financial, and compliance signals into clear, actionable risk intelligence.

We go beyond open standards-based cyber ratings. Black Kite helps organizations make smarter risk decisions, strengthen business resilience, and scale their third-party cyber risk management programs in an increasingly complex digital environment. Our work has earned consistent recognition from customers and industry analysts alike.

WHY BLACK KITE

We're a fast-moving, high-impact team solving one of the most critical challenges in cybersecurity today. If you're looking to do meaningful work alongside sharp, collaborative people — and grow your career in a space that matters — you're in the right place.

THE OPPORTUNITY

The SOC Analyst / Incident Responder is a mid-level security operations practitioner who owns their work. You will monitor and triage security events, lead incident investigations, execute response activities, and contribute to the continuous improvement of Black Kite's detection and response capability. You report to the SOC Manager and operate with meaningful autonomy on day-to-day security operations.

This is not a ticket-routing role. You bring analytical depth to alert investigations, structured thinking to escalations, and proactive energy to threat hunting. You work independently on assigned responsibilities, exercise judgment within established guidelines, and bring the SOC Manager in for decisions that warrant it — not for every event.

RESPONSIBILITIES

Security monitoring & alert triage
- Monitor security events across email, endpoint, network, identity, and data loss prevention (DLP) systems during assigned coverage windows
- Triage incoming alerts: distinguish genuine threats from false positives, apply context, and prioritize response actions accordingly
- Identify anomalous behavior patterns in log and telemetry data that may indicate threats not captured by automated detections
- Maintain awareness of evolving attack techniques and apply that knowledge to daily detection and triage work

Incident response
- Lead investigation and response for declared security incidents within scope, from initial detection through containment, eradication, and documentation
- Execute established incident response playbooks accurately and completely; escalate to the SOC Manager when events exceed defined thresholds or require judgment outside the playbook
- Coordinate with internal stakeholders (legal, operations, HR, and leadership) as appropriate during active incidents
- Support threat hunting activities, proactively searching for indicators of compromise and undetected adversary activity
- Conduct digital forensics analysis to support incident investigation and post-incident review

Documentation & reporting
- Produce thorough, accurate incident reports documenting the full timeline, evidence chain, response actions taken, and recommendations
- Present findings and case summaries to the SOC Manager and information security leadership on a routine basis
- Maintain and improve incident handling procedures based on lessons learned from investigations
- Research emerging threats, attack methods, and digital forensics techniques; share relevant findings with the broader security team

Security operations improvement
- Identify gaps or inefficiencies in detection coverage and alert quality; bring concrete recommendations to the SOC Manager
- Contribute to the refinement of playbooks, escalation criteria, and response procedures based on operational experience
- Support Black Kite's security research function with technical review and proofreading of research content

WHAT YOU BRING
- 2–4 years of hands-on experience in security operations, incident response, or a closely related technical discipline
- Solid working knowledge of incident response methodology: identification, containment, eradication, recovery, and post-incident review
- Understanding of security architecture and networking fundamentals: TCP/IP, DNS, HTTP, SMTP, and common attack vectors at each layer
- Working knowledge of Linux/Unix and Windows operating systems, including command-line proficiency
- Experience with at least one scripting language (Python or Bash) for log analysis, automation, or investigation support
- Demonstrated ability to produce clear, structured incident documentation that can be read and understood by auditors and leadership
- Exercises judgment within defined guidelines: knows when to act, when to escalate, and how to communicate the difference clearly
- Comfortable working independently in a small, high-ownership team where initiative is expected

PREFERRED
- Prior experience in a SOC, MSSP, or security operations function at a SaaS or cloud-native company
- Familiarity with SIEM, DLP, endpoint detection and response (EDR), email security, or identity security platforms in an operational context
- Experience with security assessment tooling: network scanners, vulnerability assessment tools, or forensics platforms
- Active or in-progress certification: CompTIA CySA+, GIAC GCIH, CEH, or equivalent
- Exposure to compliance-sensitive environments (FedRAMP, SOC 2, or ISO 27001) where incident documentation quality has audit implications

COMPENSATION

The expected base salary range for this role is $85,000–$95,000 per year.
Compensation at Black Kite is more than just base pay — we offer a total rewards program that includes performance-based bonuses, equity, flexible healthcare options, paid time off, and retirement savings programs. The annual base salary range for this position represents a nationwide market range and reflects a broad spectrum of salaries for this role across the United States. Actual compensation will depend on factors such as qualifications, skills, experience, and the scope, complexity, and location of the role.