OneAxiom
About The Role

We are seeking an experienced Senior Security Analyst, Tier 2 to support security monitoring, investigation, escalation, and customer-facing security operations. This role is ideal for an analyst who can independently own a shift, assess alerts across multiple technologies, communicate clearly with customers, and follow documented response plans with sound judgment.

The primary responsibility of this position is monitoring and investigating security alerts. The analyst will review alerts and logs, determine severity and impact, document findings, escalate to customers when required, and contribute to ongoing improvements in detection quality, alert tuning, and threat hunting.

Key Responsibilities

- Monitor security alerts from SIEM, EDR, firewall, identity, cloud, email security, vulnerability, and other security platforms.
- Analyze logs, alerts, and security events to determine validity, severity, scope, and potential business impact.
- Document investigations clearly, including evidence reviewed, analysis performed, conclusions reached, and recommended next steps.
- Escalate confirmed, suspicious, or high-priority alerts to customers via email and phone when required, following the applicable customer response plan.
- Independently manage monitoring and investigation responsibilities during assigned shifts.
- Serve as the primary point of contact for designated customers when assigned.
- Support Technical Account Managers as a technical security operations point of contact during weekly, monthly, or quarterly customer calls.
- Prepare and communicate investigation summaries, security findings, and operational updates for customer-facing discussions.
- Recommend alert tuning, detection improvements, and workflow enhancements to improve fidelity and reduce unnecessary noise.
- Run proactive threat hunting exercises across customer environments using available telemetry.
- Use AI-enabled tools responsibly to accelerate investigations, correlate evidence, summarize findings, and improve analyst efficiency.
- Collaborate with internal teams to improve SOC playbooks, escalation procedures, documentation standards, and operational processes.

Required Qualifications

- 4 or more years of hands-on experience in security operations, SOC monitoring, incident response, threat analysis, or a related security role.
- Strong experience reviewing and analyzing logs, alerts, and security telemetry.
- Ability to independently investigate security alerts and determine appropriate escalation paths.
- Experience working with SIEM platforms. OpenSearch or Elastic experience is strongly preferred.
- Familiarity with common security technologies, including EDR, firewalls, IDS/IPS, email security, identity platforms, cloud security tools, and vulnerability management platforms.
- Experience performing threat hunting or proactive security investigations.
- Strong understanding of common attack techniques, including phishing, malware behavior, credential compromise, lateral movement, privilege escalation, persistence, and data exfiltration indicators.
- Ability to follow documented incident response plans and customer-specific escalation procedures.
- Excellent written and verbal English communication skills.
- Comfortable communicating with customers through email and phone during security events.
- Strong documentation discipline, attention to detail, and ability to write clear investigation notes.
- Ability to work independently during assigned shifts with limited supervision.
- Willingness to work US-aligned hours, including day shift, night shift, weekends, holidays, and rotating schedules as required.

Preferred Qualifications

- Experience working in an MSSP, MDR, SOC, or managed security provider environment.
- Experience supporting multiple customer environments simultaneously.
- Experience with OpenSearch, Elastic, Splunk, Microsoft Sentinel, QRadar, or similar SIEM platforms.
- Experience with endpoint detection and response platforms such as Microsoft Defender for Endpoint, CrowdStrike, SentinelOne, or similar tools.
- Familiarity with AWS, Azure, Google Cloud, or other cloud environments.
- Familiarity with MITRE ATT&CK, incident response frameworks, and SOC playbooks.
- Experience creating, tuning, or improving detection logic, correlation rules, alert thresholds, dashboards, or investigation workflows.
- Experience using AI tools to assist with investigations, log analysis, summarization, and security research.

Certifications

Certifications are preferred but not required. Relevant certifications include:

- CompTIA Security+
- CompTIA CySA+
- CompTIA Network+
- Blue Team Level 1 or Level 2
- GIAC GCIH, GCIA, GMON, or similar GIAC certification
- Microsoft SC-200
- Elastic Certified Analyst
- Splunk Core Certified Power User or equivalent
- Certified Ethical Hacker, when paired with practical SOC experience

Success in This Role

Success in this role means being able to independently monitor a shift, investigate alerts with sound judgment, document findings clearly, and communicate professionally with customers. The analyst should help improve detection quality, reduce unnecessary alert noise, support customer-facing security discussions, and mature the overall security operations function.

Ideal Candidate Profile

The ideal candidate is a seasoned SOC analyst who is calm under pressure, technically curious, detail-oriented, and comfortable working independently. They can quickly assess alerts across different technologies, determine when escalation is required, and communicate findings in a clear, professional, and customer-ready manner.