Security Operations Analyst

Responsibilities

• Triage, investigate, and respond to alerts coming in from the Huntress platform.
• Perform tactical review of EDR telemetry, log sources, and forensic artifacts to determine the root cause of attacks, where possible, and provide remediations needed to remove the threat.
• Perform tactical malware analysis as part of investigating and triaging alerts.
• Investigate suspicious Microsoft M365 activity and provide remediations.
• Assist in escalations from the Product Support team for threat-related and SOC-relevant questions.
• Contribute to detection engineering creation and tuning efforts.
• Contribute to projects focused on driving better outcomes for our analysts and partners.
• Contribute to our collaboratively mentored team.

Requirements

• 2+ years of experience in a SOC or Digital Forensics (DFIR) role.
• Demonstrated experience with Windows, Linux, and MacOS as an attack surface.
• Demonstrated experience with basic Threat Actor tools and techniques (MITRE ATT&CK Framework, PowerShell & Command Prompt Terminals, WMIC, Scheduled Tasks, SCM, Windows Domain and host Enumeration Techniques, Basic Lateral Movement Techniques, Basic Persistence Mechanisms, Basic Defense Evasion Techniques, other offensive/Red Team TTPs).
• Demonstrated experience with static and dynamic malware analysis concepts.
• Working knowledge of Windows Administration or Enterprise Domain Administration (Active Directory, Group Policy, Domain Trusts, etc.).
• Working knowledge of core networking concepts (Common ports/protocols, NAT, Public/Private IPs, VLANs, etc.).
• Working knowledge of web technologies and concepts (Web servers/applications, OWASP top 10, etc.).
• Effective communication skills, with the ability to explain complex events to less technical audiences, enabling effective cross-functional collaboration within the SOC and across departments.
• Dedicated to prioritizing and addressing customer needs and concerns in all decision-making processes.
• A strong sense of curiosity and a genuine excitement for learning.

Nice-to-Haves

• Previous experience in an MSP/MSSP/MDR role.
• Linux and MacOS investigative experience.
• Experience with scripting languages (such as PowerShell, Python, Bash, PHP, JavaScript, or Ruby).
• Demonstrated experience on platforms such as HackTheBox, TryHackMe, Blue Team Labs Online, etc.
• Demonstrated experience with Cloud-based investigations such as M365, Azure, AWS, GCP, etc.
• Participation in cybersecurity competitions such as Capture the Flags, the Collegiate Cyber Defense Competition, etc.
• Familiarity with MSP tools such as RMMs.

Compensation & Benefits

• Compensation Range: $100,000-$125,000 base plus bonus and equity. This role may be eligible for on-call/call-in pay in addition to base pay.
• 100% remote work environment.
• Generous paid time off policy, including vacation, sick time, and paid holidays.
• 12 weeks of paid parental leave.
• Highly competitive and comprehensive medical, dental, and vision benefits plans.
• 401(k) with a 5% contribution regardless of employee contribution.
• Life and Disability insurance plans.
• Stock options for all full-time employees.
• One-time $500 reimbursement for building/upgrading home office.
• Annual allowance for education and professional development assistance.
• $75 USD/month digital reimbursement.
• Access to the BetterUp platform for coaching, personal, and professional growth.