SOC Analyst

As a SOC Analyst within RSM Defense, you play a key role in monitoring, investigating, and responding to security events across a diverse managed security services environment. You will analyze alerts, validate potential threats, support incident response activities, and help strengthen detection capabilities across endpoint, identity, cloud, and network telemetry. You’ll work closely with senior analysts, detection engineers, and response teams to ensure high‑quality service delivery and continuous improvement of SOC operations.

Key Responsibilities

Security Monitoring, Investigation & Incident Response

• Conduct investigations across endpoint, network, cloud, and identity telemetry to validate alerts and identify malicious activity.
• Perform initial and mid‑tier analysis, document findings, and escalate complex cases to senior analysts as needed.
• Support incident response activities by gathering evidence, reconstructing timelines, and contributing to root cause analysis.
• Assist in developing incident summaries and client‑ready documentation.

Detection Support & Content Validation

• Identify false positives, tuning opportunities, and detection gaps during investigations.
• Collaborate with Detection Engineering by providing feedback on rule performance and emerging patterns seen in telemetry.
• Participate in validating new detections before they are deployed into production.

SOAR & Workflow Optimization

• Use SOAR tools to execute automated enrichment, triage steps, and response actions.
• Flag repetitive tasks or bottlenecks that may benefit from automation improvements.
• Validate automated playbook behavior and ensure alignment with SOC escalation procedures.

AI‑Assisted Analysis

• Leverage AI copilots and enrichment tools to support triage, log interpretation, and case documentation.
• Follow established prompt templates and quality‑check AI‑generated outputs for accuracy.
• Provide feedback on AI performance and identify opportunities to improve SOC workflows.

Threat Hunting & Proactive Analysis

• Participate in hypothesis‑driven and intelligence‑led hunts by reviewing artifacts, anomalies, and suspicious activity.
• Recommend potential hunt ideas based on recurring alert patterns or telemetry observations.
• Help ensure hunt findings translate into improved detections or instrumentation.

Collaboration, Documentation & Continuous Improvement

• Maintain clear, accurate case notes and technical documentation.
• Contribute to SOC runbooks, knowledge articles, and internal process improvements.
• Collaborate with peers to share insights, improve consistency, and strengthen overall SOC performance.

Required Qualifications

• Hands‑on experience with SIEM/EDR/XDR platforms and comfort analyzing logs and alerts.
• Familiarity with the incident response lifecycle and basic root cause analysis.
• Understanding of NIST 800‑171/172, CMMC, or similar compliance frameworks.

Preferred Qualifications

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience).
• 1–3+ years of experience in a SOC, security operations, incident response, or related role.
• Certifications such as Security+, CySA+, GSEC, or similar.
• Experience with Splunk, Elastic, Sentinel, or other search‑based platforms.
• Knowledge of MITRE ATT&CK.
• Exposure to scripting or automation tools is a plus.

Key Attributes

• Curious, analytical, and eager to learn.
• Strong communicator with solid documentation habits.
• Able to work effectively in a fast‑paced, collaborative SOC environment.