Cyber Advisors (CA) is a rapidly growing cybersecurity consulting firm and MSP. We are seeking a Senior SOC Analyst for our Defensive Security team to support our accelerating company growth and the equally important growth of your own career. CA believes in inclusion and is dedicated to continued employee development. We offer a competitive salary and benefits and want candidates who focus on innovation and results. Successful CA employees are detail-oriented and have excellent communication skills. The successful candidate will be a creative problem-solver with the ability to structure and order assignments efficiently. Candidates should apply to become part of a forward-thinking team that values your contributions and well-being.
SUMMARY
The Senior SOC Analyst is a technical lead responsible for advanced investigations, incident coordination, and continuous improvement of documentation and of detection and response capabilities. This role leads escalations and complex cases end-to-end, mentors junior analysts, and partners with engineering and stakeholders to reduce risk across endpoint, network, identity, and cloud environments.
KEY RESPONSIBILITIES
Lead deep-dive investigations across SIEM/EDR, cloud, and network telemetry; build timelines and determine scope and impact.
Perform advanced analysis of endpoint activity, authentication/identity events, email telemetry, and network artifacts to identify attacker TTPs.
Drive case direction by forming and testing hypotheses; identify containment and remediation actions with clear rationale.
Provide clear, actionable technical updates and risk-based recommendations to technical and nontechnical audiences.
Conduct root cause analysis and contribute to post-incident reviews; ensure corrective actions and detection improvements are tracked to completion.
Develop and maintain detection content (KQL/SPL/Sigma) and associated response playbooks; validate efficacy through testing and tuning.
Perform proactive threat hunting using known IOCs, behavioral analytics, and threat intelligence; document hunt hypotheses and outcomes.
Design or request SOAR/automation improvements to reduce time-to-triage and improve consistency (enrichment, containment workflows, reporting).
Mentor and coach SOC Analysts; provide structured feedback on investigations, ticket quality, and incident handling.
Establish and reinforce documentation standards, severity classification consistency, and investigation methodologies.
Deliver high-quality incident reports including executive summaries, technical details, and prioritized remediation recommendations (as assigned).
WORK SCHEDULE AND ENVIRONMENT
SOC operations may include evenings, nights, weekends, and holidays depending on coverage needs.
Participation in an on-call rotation may be required, including serving as an escalation point for major incidents.
This role requires calm leadership during high-stress events and the ability to manage multiple parallel investigations.
REQUIRED QUALIFICATIONS
3-6+ years of experience in security operations, incident response, threat detection, or threat analysis.
Demonstrated experience leading complex investigations and coordinating incident response across technical teams.
Strong proficiency with SIEM and EDR platforms; experience writing detection logic and running advanced queries (KQL/SPL/Sigma).
Strong knowledge of adversary behaviors and frameworks (MITRE ATT&CK) and incident handling practices (NIST concepts).
Experience with cloud and identity security telemetry (Microsoft 365, Azure/AWS, Entra ID/Azure AD) and modern endpoint telemetry.
Excellent written and verbal communication skills; ability to brief technical and non-technical stakeholders.
Relevant certifications (one or more): CySA+, GCIH, GCIA, ECIH (or equivalent).
Bachelor's degree in a related field or equivalent practical experience.
PREFERRED QUALIFICATIONS
Experience with SOAR platforms and building automation workflows.
Experience with DFIR tooling and evidence handling for endpoint and cloud investigations.
Advanced certifications (as applicable): GCED, CISSP, CTIA, or vendor-specific security operations certifications.
Experience supporting regulated environments and communicating control impacts (HIPAA, PCI-DSS, CJIS, etc.).
Experience partnering with detection engineering, purple team, or threat intel functions.
CORE COMPETENCIES
Technical leadership and ownership mindset
Structured investigation methodology and strong attention to detail
Operational excellence: prioritization, documentation standards, and follow-through
Stakeholder communication and customer empathy
WHAT WE OFFER
Competitive compensation and performance-based incentives.
Vacation and PTO.
Employer-paid Health and Dental Insurance for CA employees.
401k with employer matching.
Opportunities for professional development, including certifications and ongoing training.
Engaging, dynamic work on a wide range of client security challenges.