SOC Analyst ll

SOC Analyst ll page is loaded## SOC Analyst ll locations:
Remote - Connecticut:
Remote - Wyoming:
Remote - Vermont:
Remote - Montana:
Remote - Indiana time type:
Full time posted on:
Posted 6 Days Agojob requisition :
JR0577(

* Please note:

Every application submitted through Workday is reviewed by a real person, not an AI. We value your time and take each submission seriously.)
*** Summary
* * The Security Analyst II – SOC & SIEM Engineering at Cyber
74 provides elevated Security Operations Center (SOC) support with a strong emphasis on advanced alert analysis, incident investigation, SIEM administration, and detection engineering. This role goes beyond traditional alert triage and includes SIEM content development, tuning, log source onboarding, and proactive detection improvement across client environments.

Security Analysts II play a key role in strengthening Cyber
74’s detection capabilities, supporting incident response efforts, and conducting guided threat-hunting activities to identify more advanced or evasive threats. The ideal candidate demonstrates strong investigative instincts, technical curiosity, and the ability to improve security outcomes through thoughtful analysis and collaboration.
** SOC Operations & Threat Analysis
*** Review, analyze, and correlate SIEM alerts to determine true positives, false positives, and appropriate response actions.
* Perform advanced SOC operations, including monitoring, investigation, reporting, and response to suspicious or malicious activity.
* Conduct deeper incident investigations using SIEM, EDR, and other security telemetry.
* Analyze phishing emails for malicious indicators and provide remediation recommendations.
* Review and respond to alerts from automated security tools and monitoring platforms.
* Conduct threat research on emerging threats, attacker techniques, and vulnerabilities.
* Perform recurring health checks on security tooling and validate alignment with expected configurations.
* Maintain and enhance standard operating procedures (SOPs); create and update documentation as processes evolve.
* Prepare investigation summaries and reports for internal stakeholders and clients.
* Conduct vulnerability analysis and assist with security remediation recommendations.
* Manage and prioritize multiple client environments, investigations, and projects concurrently.
* Participate in an on-call or standby rotation as required.
* Participate in guided threat-hunting exercises using SIEM and EDR telemetry.
* Conduct hypothesis-driven investigations to identify abnormal or suspicious behavior.
* Leverage threat intelligence to enhance detections and hunting activities.
* Assist in identifying advanced, persistent, or evasive threats not caught by automated alerts.
* Document findings and recommend detection or process improvements based on hunt outcomes.
** SIEM Engineering & Detection Development
*** Assist with SIEM deployments and client onboarding activities.
* Ingest, parse, and normalize logs from new data sources into the SIEM and associated platforms.
* Develop, tune, and optimize SIEM detection rules to reduce alert noise and improve fidelity.
* Write and modify SIEM queries (e.g., KQL, SPL, SQL, Lucene) to support investigations and detections.
* Build dashboards, correlation rules, and use cases tailored to specific client environments.
* Identify logging gaps and recommend improvements to increase detection coverage.
* Validate detections using real-world attack techniques, threat intelligence, and historical data.
* Map detections and investigations to MITRE ATT&CK techniques and tactics.
* Collaborate with SOC and engineering teams to continuously improve detection logic and alert quality.
** Required Experience
*** 2+ years of hands-on experience in an L2 SOC, incident response, detection engineering, or SIEM administration role.
* 3–5 years of combined experience across cybersecurity and/or IT disciplines.
* Demonstrated experience performing deeper-level investigations beyond basic alert triage.
* Experience contributing to detection improvements, tuning, or content development.
* Strong understanding of SIEM concepts, log ingestion, parsing, and data normalization.
* Familiarity with Windows and Linux logging fundamentals.
* Experience working with security tools such as SIEM, EDR, DNS filtering, email security, and identity security platforms.
* Ability to manage multiple priorities in a fast-paced, client-facing environment.
* ** Expected Salary to begin at $76,000 annually.
**** Preferred Experience
*** Experience in a multi-tenant SOC, MSSP, or MDR environment.
* Familiarity with MITRE ATT&CK, TTP-based investigations, and threat intelligence.
* Exposure to basic scripting (Power Shell and/or Python) for analysis or automation.
* Understanding of false-positive reduction and detection validation techniques.
* Ability to clearly communicate technical findings to non-technical stakeholders.
** Preferred Certifications
*** CompTIA Security+
* Blue Team Level 1 / Level 2
* eLearn

Security Junior…