Sr. Security Operations Analyst - 100% remote (EST)
Optomi, in partnership with a client in the AI space, is looking to add a security operations analyst to their team!
The ideal security operations analyst candidate will have at least 5 years of IT experience, with 2-4 years of experience working in a SOC. This candidate needs to already be working in a senior incident responder role, with experience handling escalated incidents and working alerts from beginning to end (including hands-on remediation). Experience working in a smaller environment and wearing multiple hats is preferred.
Some scripting/automation and vulnerability management experience is required.
Qualifications
- 2-4 years of experience in security operations, incident response, or a related field; 5-8+ years of experience working in IT.
- Hands-on experience with SIEM, EDR, and network security tools.
- Strong understanding of threat actors, attack techniques (MITRE ATT&CK), and incident response best practices.
- Experience working in vulnerability management.
- Ability to analyze logs, packets, and system behavior to detect and investigate malicious activity.
- Scripting skills (Python, PowerShell, or Bash) for automation.
- Excellent written and verbal communication skills.
Preferred:
- Experience in a small-team environment with cross-functional responsibilities.
- Familiarity with cloud security monitoring (AWS, Azure, or GCP).
- Industry certifications such as Security+, CySA+, GCIH, GCIA, or similar.
Key Responsibilities
- Monitor and triage alerts from SIEM, EDR, email security, and other monitoring tools.
- Investigate alerts escalated from the MSSP or generated by automated detections.
- Lead response for medium-to-high severity incidents.
- Conduct root cause analysis and document findings in post-incident reports.
- Coordinate with internal teams to contain and eradicate threats.
- Develop custom detection rules, dashboards, and reports.
- Assist in the lifecycle of vulnerability management, from scanning and analysis to remediation tracking.
- Validate and prioritize vulnerabilities based on their exploitability and potential impact to business operations.
- Work directly with IT teams to provide guidance and technical recommendations for patching and configuration changes.
- Track remediation efforts to ensure vulnerabilities are addressed in a timely manner.
- Act as a liaison between security operations and IT/business units.
- Provide technical guidance to Tier 1 analysts at the MSSP.
- Communicate security findings and recommended actions to stakeholders in clear, non-technical language.
- Recommend and implement process and tooling enhancements.
- Maintain and refine incident response runbooks and escalation procedures.