Security Operations Center Analyst - SOAR Platform

Job Description :

- Monitor and triage security alerts using Google SecOps Chronicle, including YARA-L rule authoring and alert enrichment.

- Investigate incidents across cloud, network, and endpoint environments using Chronicles case management and investigative tools.

- Develop and maintain log ingestion pipelines using tools like Bindplane, Cribl, or Logstash.

- Collaborate with Tier-2/3 analysts and threat intelligence teams to refine detection rules and reduce false positives.

- Participate in incident response activities including containment, eradication, and recovery.

- Create and maintain SOC playbooks and automation workflows using Chronicles SOAR capabilities.

- Conduct packet analysis, malware triage, and forensic investigations as needed.

- Stay current on threat landscapes, compliance standards (e.g., MITRE ATT&CK, GDPR, PCI-DSS), and emerging security technologies.

Required Skills :

- 4 - 7 years of experience in a SOC or cybersecurity operations role.

- Proficiency with Google Chronicle, including rule tuning, log analysis, and case management.

- Experience with SIEM tools (e.g., Splunk, QRadar, Elastic Stack) and SOAR platforms.

- Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.

- Familiarity with endpoint detection tools (e.g., CrowdStrike, MS Defender), IDS/IPS, and vulnerability scanners (e.g., Nessus, Qualys).

- Scripting skills in Python, Bash, or PowerShell for automation and data parsing.

Preferred Qualifications :

- Bachelors degree in Cybersecurity, Computer Science, or related field.

- Certifications such as CompTIA Security+, GIAC (GCIH, GCIA), CEH, or Google Cloud Security Engineer.

- Prior experience supporting federal or financial clients.

- Experience with red/blue/purple team exercises and threat hunting.