Security Operations Analyst II

Key Responsibilities

Security Monitoring & Analysis

• Monitor SIEM platforms, EDR tools, and network security appliances for indicators of compromise and anomalous activity.
• Triage, investigate, and respond to security alerts by analyzing logs, network traffic, endpoint telemetry, and threat intelligence.
• Distinguish true positives from false positives and operational noise.
• Monitor escalation queues and report mailboxes; prioritize and pivot to investigation or response.
• Conduct proactive threat hunting to identify threats not detected by automated tools.
• Collaborate with IT, network engineering, and application teams during investigations.

Incident Response & Coordination

• Act as incident coordinator during assigned shifts.
• Execute containment, eradication, and recovery actions as per defined playbooks.
• Coordinate incident handoffs with US and EU SOC teams, providing clear briefings.
• Engage stakeholders for system isolation, evidence collection, and remediation.
• Document incident timelines, actions taken, and lessons learned.
• Escalate critical incidents to senior leadership with impact assessments and recommendations.

Global Operations & Continuous Improvement

• Participate in daily global SOC briefings to ensure seamless follow-the-sun operations.
• Work with security engineering to tune detection rules and reduce false positives.
• Improve playbooks, procedures, and documentation based on operational insights.
• Stay updated on emerging threats and financial services security best practices.