Security Operations Center (SOC) Analyst I

McGough is a respected partner in the construction industry, and they are seeking a Security Operations Center (SOC) Analyst I to monitor and respond to cybersecurity threats. The role involves working closely with various teams to protect company assets and improve security processes.

Responsibilities

• Monitor SIEM dashboards, EDR alerts, firewall logs, and other security tools for suspicious activity
• Perform initial triage and investigation of security alerts to determine validity and impact
• Escalate confirmed or high-risk incidents to senior analysts or management
• Assist in containment, eradication, and recovery activities during security incidents
• Document incidents thoroughly in ticketing systems and maintain accurate case records
• Conduct basic threat hunting activities using log analysis and endpoint telemetry
• Support vulnerability management processes by reviewing scan results and tracking remediation
• Assist in maintaining and tuning security monitoring rules and alert thresholds
• Participate in incident response tabletop exercises and security drills
• Collaborate with Infrastructure, Network, and Systems teams to remediate vulnerabilities and improve security posture
• Support development and improvement of SOC processes and playbooks
• Assist in maintaining security documentation, procedures, and standards
• Contribute to continuous improvement of detection and response capabilities
• Stay current on emerging cybersecurity threats, vulnerabilities, and industry best practices
• Prepare basic incident summaries and metrics for senior security staff
• Track trends in alerts, phishing attempts, malware detections, and other security events
• Assist in reporting key risk indicators and response metrics
• Participate in cross-functional technology and security initiatives
• Support internal audits and compliance assessments as requested
• Collaborate with internal teams and external vendors when necessary
• Other duties as assigned

Skills

• Associate's degree in Cybersecurity, Information Technology, Computer Science, or related field, or equivalent combination of education and experience
• 0–2 years of experience in IT, cybersecurity, help desk, network support, or system administration
• Foundational understanding of cybersecurity principles including: CIA triad (Confidentiality, Integrity, Availability), Threat actors and attack vectors, Common vulnerabilities and exploits
• Basic knowledge of: SIEM platforms (e.g., Microsoft Sentinel, Splunk, etc.), Endpoint Detection & Response (EDR), Firewalls and intrusion detection/prevention systems (IDS/IPS), TCP/IP, DNS, DHCP, and common network protocols
• Ability to analyze logs and security alerts to determine potential threats
• Understanding of cloud security fundamentals (Microsoft 365, Azure, or AWS preferred)
• Industry certifications such as: CompTIA Security+
• Familiarity with: Microsoft Active Directory and Group Policy, Microsoft Defender suite, Networking fundamentals
• Understanding of: Incident response lifecycle, MITRE ATT&CK framework, Basic threat intelligence concepts
• Experience in ticketing systems (ServiceNow or similar)
• Knowledge of security compliance frameworks (NIST CSF, CIS Controls, ISO 27001)
• Knowledge of construction industry operations

Benefits

• Insurance coverage for medical, dental, vision, life, and disability
• Generous retirement plans
• Voluntary benefit plans
• Parental leave
• Substantial paid time off
• Holiday pay

Company Overview