Lead Security Operations Center Analyst

- Lead sophisticated incident detection, investigation, and analytical initiatives. - Correlate data from SIEM, EDR, IDS/IPS, and firewall systems to identify and evaluate potential incidents. - Conduct in-depth investigations to ascertain the root cause, scope, and repercussions of incidents. - Utilize frameworks like MITRE ATT&CK to pinpoint adversary tactics, techniques, and procedures (TTPs). - Perform kill-chain and supply chain analyses to comprehend and counter threats. - Organize and steer intricate incident response operations, encompassing identification, containment, eradication, and recovery actions. - Act as the primary escalation point for high-impact or advanced incidents. - Engage in proactive threat hunting to discover emerging risks and hidden vulnerabilities. - Analyze telemetry, logs, and behavioral patterns for signs of compromise or attacks. - Utilize advanced queries within cybersecurity tools to recognize anomalous or suspicious activities. - Ensure appropriate forensic collection, preservation, and analysis of digital evidence in conjunction with forensics teams. - Extract and scrutinize relevant artifacts to support investigations and reviews after incidents. - Develop and improve SOC processes, playbooks, and detection capabilities. - Refine detection rules, alert thresholds, and automation workflows within SIEM/SOAR and other tools. - Create SOPs, knowledge base articles, and training resources for SOC personnel. - Conduct threat intelligence gathering, analysis, and dissemination using both internal and open-source resources. - Generate actionable intelligence and share pertinent threat information with leadership and partner teams. - Mentor and train SOC analysts to enhance their investigative and analytical competencies. - Provide real-time guidance during active incidents. - Facilitate training sessions, tabletop exercises, and red/blue team drills. - Collaborate with stakeholders to bolster the overall cybersecurity posture. - Partner with IT, cloud, and engineering teams to address vulnerabilities and enhance defenses. - Participate in tool evaluations and recommend solutions to fortify SOC capabilities. - Maintain documentation and reporting for SOC operations, including incident timelines, reports, and post-mortem summaries. - Provide executive-level briefings on security events and SOC performance.