Senior SOC Analyst - Exempt

Job Description
Seeking a Senior SOC Analyst to join our Security Operations Center. In this role, you will lead incident triage, coordinate response efforts across teams, and mentor analysts to continuously improve detection, response, and recovery capabilities. You will leverage SIEM, EDR, and SOAR tooling to investigate complex threats, reduce dwell time, and strengthen operational resilience for mission-critical services.

Key Responsibilities
• Lead triage and investigation of security alerts, escalating and coordinating incident response as needed.
• Perform root cause analysis, scope affected assets, and drive containment, eradication, and recovery.
• Correlate events across SIEM, EDR, IDS/IPS, firewalls, cloud logs, and identity platforms to identify true positives and reduce false positives.
• Develop, refine, and maintain SOC playbooks, runbooks, and detection logic aligned to the MITRE Telecommunication&CK framework.
• Mentor junior analysts and provide guidance on investigation techniques, documentation standards, and operational best practices.
• Coordinate with Threat Intelligence to enrich investigations, track adversary TTPs, and proactively hunt for indicators of compromise.
• Partner with Engineering teams to tune detections, improve log fidelity, and strengthen preventive controls.
• Create clear, actionable incident reports and executive summaries; contribute to metrics and trend analysis.
• Support purple team exercises and post-incident reviews to capture lessons learned and drive continuous improvement.
• Ensure adherence to regulatory and security policies; maintain audit-ready documentation for investigations and incidents.

Qualifications
• 5-8+ years of experience in a SOC, incident response, or threat detection role, including Tier 2/3 investigations.
• dvanced proficiency with SIEM (e.g., Splunk, QRadar, Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender), and SOAR platforms.
• Strong knowledge of network security, Windows/Linux, identity systems, and common cloud logging sources.
• Hands-on experience with the MITRE Telecommunication&CK framework, threat hunting, IOC/IOA development, and detection tuning.
• Demonstrated ability to lead complex incidents, coordinate stakeholders, and communicate clearly under time pressure.
• Scripting or automation experience (e.g., Python, PowerShell) for investigation enrichment and workflow improvements.
• Familiarity with NIST CSF/800-61, CIS Controls, and common regulatory requirements impacting incident response.
• Excellent documentation skills and an evidence-driven approach to investigations.
• Occasional flexibility may be required during major incidents or planned exercises.

Preferred Qualifications
• Relevant certifications: GCIA, GCED, GCIH, GCFA, GNFA, CISSP, CCSP, or equivalent experience.
• Experience with ticketing and case management systems (e.g., ServiceNow) and knowledge management practices.
• Prior experience with threat Client platforms, sandboxing tools, and malware triage is a plus.

dditional Information
• Duration: 12 month contract opportunity
• Work Schedule: Sunday - Thursday or Tuesday - Saturday, 8AM - 4PM EST
• Hybrid Work Model: 4 days onsite required weekly in Pittsburgh, Lake Mary, New York, or Washington DC
• Rate Range: $85-90/hr. W2 (based on experience)