Atlas Technica

Sr. SOC Analyst

Ukraine · Full-time · Not Applicable

Position Name: Sr. SOC Analyst

Reports to: SOC Team Lead

Location/Type: Remote

Status: Hourly

Atlas Technica shoulders IT management, user support, and cybersecurity for hedge funds and other investment firms. We value ownership, execution, growth, intelligence, and camaraderie, and are looking for people who share these values while putting the customer first.

The Sr. SOC Analyst is a senior front-line and escalation role for complex incidents. The analyst leads investigations, refines detections and runbooks based on real-world cases, and acts as a bridge between the SOC, NOC, engineering, and client leadership, driving consistency and quality in alert handling and incident response.

This role requires strong spoken and written English to lead investigations, provide clear stakeholder updates, and maintain high documentation quality across internal and client-facing communications.

Key Responsibilities

Alert monitoring and triage

  • Serve as the primary front line for SOC security alerts during coverage hours.
  • Monitor alerts from Microsoft Defender, Intune, DLP, Azure AD/Entra ID, and SIEM/SOC providers.
  • Acknowledge, classify, and prioritize alerts based on severity, client impact, and defined SLAs.
  • Execute runbook-driven triage steps (log collection, user verification, initial containment) and determine true/false positives.

Advanced investigation and response

  • Investigate alerts using Defender portals, SIEM, activity logs, and audit trails.
  • Correlate identity, endpoint, cloud, and network signals to build a clear incident narrative.
  • Execute containment actions (account disable, password reset, endpoint isolation, firewall change requests) in line with runbooks and change control.
  • Escalate incidents to senior SOC staff, NOC, engineering, or client teams based on defined criteria.
  • Lead complex investigations involving multiple signals (identity, endpoint, cloud, network), build full incident narratives, and define remediation plans.
  • Serve as an escalation point for Junior Analysts and SOC Analysts during high-severity or multi-tenant incidents.
  • Coordinate with NOC, engineering, CSMs, and clients during major incidents, including stakeholder communications and summaries.

Runbooks, ticketing, and communication

  • Own the quality and consistency of key SOC runbooks for high-volume or high-severity use cases; drive improvements based on incident learnings.
  • Provide detailed feedback to SOC Engineers on tuning needs, false-positive patterns, and gaps in detection or visibility.
  • Deliver clear, professional English communications during major incidents, including investigation summaries, stakeholder updates, handoffs, and mentoring feedback.

Coaching and process improvement

  • Mentor Junior Analysts and SOC Analysts on investigations, documentation, and communication quality.
  • Lead portions of SOC ceremonies (case reviews, training sessions) and contribute to continuous improvement of SOC processes and KPIs.


Requirements

  • 3-5+ years of experience in IT and/or security operations (NOC, SOC, systems engineering, or equivalent).
  • Strong professional proficiency in written and spoken English, including the ability to lead incident communications, produce clear executive-ready summaries, and coach others on documentation quality.
  • Practical experience with:
      • The Microsoft Defender stack, M365/Azure security controls, and at least one SIEM, at a depth that includes authoring queries, building correlated views, and running complex investigations.
      • Identity-centric security, endpoint hardening, and common attack techniques across the kill chain.
  • Ability to:
      • Read and interpret security alerts, logs, and correlated events.
      • Communicate clearly with both technical and non-technical stakeholders, including clients.
      • Document incidents, runbooks, and processes in a clear, structured way.
  • Demonstrated passion for security, strong ownership mindset, follow-through, and data-driven decision-making.

Desirable Qualifications

  • Experience in a Managed Services Provider (MSP) or multi-tenant environment.
  • Familiarity with Cavelo or other data discovery/exposure platforms.
  • Experience with vulnerability management tools and frameworks (e.g., CIS, NIST).
  • Security-related certifications such as Security+, AZ-500, SC-200, or equivalent.
  • Experience supporting clients in the financial services or alternative investment industry.

Key Skills (ranked by relevance)

cloud, SIEM, Microsoft Defender, cybersecurity, firewall, NIST, CIS
Posted: Jun 17, 2026
Type: Full-time
Level: Not Applicable
Location: Ukraine

Industries

IT Services, IT Consulting

Categories

Information Technology

Related Jobs

3 roles aligned with this opportunity

  • SOC Analyst, Atlas Technica (posted 2026-06-14) · Full-time · Not Applicable · Ukraine · IT Services · Information Technology
  • Security Analyst, Atlas Technica (posted 2026-05-19) · Full-time · Associate · Ukraine · IT Services · Information Technology
  • SOC Analyst, Atlas Technica (posted 2026-04-14) · Full-time · Not Applicable · Ukraine · IT Services · Information Technology