Role OverviewID.me is seeking a skilled SOC Triage Analyst to join our rapidly growing security team. If you have a passion for cybersecurity and a desire to advance the digital identity ecosystem, this role offers a unique opportunity to contribute to our mission. The SOC Triage Analyst plays a pivotal role in executing processes that allow the organization to detect, analyze, and respond to cyber threats and security incidents. This role involves hands-on management of incident response, threat hunting, and forensic analysis, with a focus on maintaining the security and integrity of our digital environment. The ideal candidate will have a strong technical background, a keen eye for detail, and the ability to adapt to a fast-paced, dynamic environment.

This is an onsite position in our McLean, VA headquarters.

Responsibilities

• Actively participate in incident response, including host and network-based forensic analysis, to support containment, eradication, recovery, and post-incident reviews.
• Detect, analyze, and respond to cyber threats and incidents using tools such as SIEM (e.g., Chronicle, Splunk), IDS/IPS, EDR, and firewalls.
• Proactively search for Indicators of Compromise (IOC) and Advanced Persistent Threat (APT) tactics, techniques, and procedures (TTPs) to identify potential security threats.
• Contribute to the development of threat detection signatures, analytics, and correlation rules to enhance our detection capabilities.
• Assist in projects related to security monitoring and incident response, providing technical expertise and leadership.
• Collaborate with Tier 2 and Tier 3 staff to detect, classify, and report incidents, ensuring alignment with Standard Operating Procedures (SOPs).
• Engage in threat intelligence activities, leveraging knowledge of adversary tactics and techniques to inform threat hunting and detection efforts.
• Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours.

Required Qualifications

• 3+ years of experience in information security, with a strong focus on incident response and security monitoring.
• 2+ years of demonstrated experience in handling security incidents and responding to cyber threats.
• Proficient in leveraging SIEM tools (preferably Chronicle, Splunk) and other security technologies for threat detection and incident response.
• Solid understanding of cloud environments, particularly AWS, GCP, and/or Azure, and their associated security challenges.
• Experience with threat detection, threat hunting, and the use of threat intelligence to enhance security operations.
• Familiarity with investigations and forensics in MacOS and Linux environments.
• Strong knowledge of email security, network monitoring, and Data Loss Prevention (DLP) techniques.

Preferred Qualifications

• Industry security certifications, such as GCIA, GCIH, GCFA, Security+, or related credentials.
• Prior experience in combating fraud or supporting anti-fraud initiatives.
• Experience developing and implementing Standard Operating Procedures (SOPs) for security incident detection and response.

Ideal Candidate Will Thrive In Our Culture

• Demonstrates a strong passion for security and a commitment to protecting digital identities.
• Adapts well to changing priorities and can shift gears quickly in a fast-paced environment.
• Exhibits excellent oral and written communication skills, with the ability to effectively convey complex security issues.
• Works well within a team, but is also self-driven and capable of managing tasks independently.
• Shows a continuous desire for learning and professional development, staying updated with the latest trends in cybersecurity.

#LI-JS1