SOC Analyst

Job Responsibilities

• Supervise and mentor SOC Analysts
• Assign and balance workload across analysts and shifts
• Monitor queue health, SLA compliance, and alert backlog
• Conduct regular performance check-ins
• Address quality gaps and provide corrective guidance
• Reinforce adherence to documented playbooks and procedures
• Primary Focus: Ensure consistent and effective analyst performance.
• Hands-On Monitoring & Investigation
• Perform daily alert triage alongside SOC Analysts
• Conduct investigations on moderate to high-severity alerts
• Lead or directly support complex or multi-system investigations
• Validate alert classifications and case documentation
• Participate in shift coverage as needed
• Primary Focus: Maintain technical engagement and operational credibility.
• Serve as the first escalation point for analysts
• Lead investigations for high-severity incidents
• Coordinate response actions with internal stakeholders
• Ensure timely and accurate communication during incidents
• Drive investigations to clear, defensible conclusions
• Primary Focus: Maintain operational control during critical events.
• Investigation Quality & Case Governance
• Review analyst investigations for accuracy and completeness
• Approve or return cases prior to closure
• Ensure proper evidence collection and timeline documentation
• Enforce consistent tagging, classification, and case hygiene
• Primary Focus: Protect the integrity of SOC output.
• Process & Continuous Improvement
• Maintain and update SOC playbooks and workflows
• Identify inefficiencies in monitoring or case handling
• Provide feedback on alert tuning and automation improvements
• Capture and integrate lessons learned
• Stakeholder Coordination
• Respond to formal information requests within defined SLAs
• Serve as liaison between SOC analysts and leadership
• Support audits, reporting, and compliance requirements
• Participate in shift handoffs and operational planning
• Primary Focus: Maintain trust and communication across teams.
• Workload Segmentation (Approximate)
• 30% – Direct Monitoring & Investigation Work
• 25% – Escalation & High-Severity Incident Leadership
• 20% – Team Management & Performance Oversight
• 15% – Investigation Quality Review & Case Governance
• 10% – Process Improvement & Documentation
• Percentages may shift during major incidents or staffing changes.

Job Qualifications

• Onsite is required
• Prior experience as a SOC Analyst or Senior Analyst
• Demonstrated ability to lead or coordinate investigations
• Experience mentoring or supervising analysts
• Strong knowledge of: SIEM platforms (Splunk or equivalent) EDR tools, Network, authentication, and endpoint telemetry
• Strong documentation and communication skills
• Ability to make sound decisions in time-sensitive situations
• CompTIA Security+ or CySA+ (or equivalent)
• Experience in incident response or threat hunting
• Familiarity with NIST, CIS, CJIS, or similar frameworks
• Experience with case management multiple platforms
• Scripting/query experience (SPL, KQL, SQL, Python)
• Experience in regulated or government environments
• GCIH, GCIA, GCED or equivalent
• Core Competencies include: Technical leadership, operational accountability, coaching and mentorship, analytical problem-solving, process discipline, clear written and verbal communication, ability to lead under pressure
• Role Notes:
• This is both a management and technical role.
• The Team Lead is expected to maintain hands-on investigative capability.
• Operational response takes priority during active incidents.
• Decisions made in accordance with approved documentation are supported.
• The Team Lead is accountable for team output, not just individual cases.
• This role serves as the primary contact point with state wide cybersecurity collaboration.
• Managing weekend coverage may be necessary.