[Remote] SOC Security Analyst L2
Note: The job is a remote job and is open to candidates in the USA.

BlueVoyant is seeking a Security Operations Center (SOC) Security Analyst L2 to help global customers manage and improve their cybersecurity posture. The role involves monitoring security events, conducting investigations, and mentoring junior analysts to ensure the safety and security of customer environments.

Responsibilities

- Monitor and analyze security events and alerts from SIEM platforms, endpoint logs, network telemetry, and EDR tools
- Research indicators of compromise (IOCs) and malicious activity to determine reputation and risk
- Conduct malware analysis, attacker infrastructure investigation, and forensic analysis
- Execute complex investigations and declare incidents when appropriate
- Perform live response and remote forensics on compromised endpoints
- Conduct threat hunting activities based on behavioral anomalies and curated intelligence
- Participate in and support incident response, investigation, and documentation
- Collaborate closely with BlueVoyant Incident Response teams during active intrusions
- Ensure events are accurately identified, analyzed, escalated, and documented
- Identify and tune false positives and benign detections
- Perform peer reviews and QA checks on junior analysts' investigations
- Mentor lower-level analysts and act as the technical escalation point
- Communicate regularly with clients regarding incidents, findings, and remediation steps
- Support Customer Success teams during client engagements as required
- Assist in improving security policies, procedures, tooling, and automation

Skills

- US citizenship required
- Ability to remain calm and effective in high-pressure security incident situations
- Ability to work directly with customers to gather requirements and provide feedback on security services
- Strong written and verbal communication skills, with the ability to translate complex technical concepts into clear, understandable language
- Strong teamwork and interpersonal skills; comfortable working with a globally distributed team
- Willingness and ability to work a 24/7/365 rotating shift schedule
- Experience using SIEM solutions, Cloud App Security tools, and EDR platforms
- Advanced understanding of network protocols and network telemetry
- Knowledge of Windows and Unix forensic artifacts and analysis methods
- Expertise in endpoint, web, and authentication log analysis
- Experience creating SIEM/EDR detections
- Experience responding to modern authentication attacks (AD, Entra, OATH, etc.)
- Deep knowledge of common attack paths, including LOLBins, adversary tools, BEC attacks, AiTM, and lateral movement techniques
- Strong knowledge of SIEM workflows (preferably Microsoft Sentinel or Splunk)
- Strong knowledge of modern authentication systems and attacks (SSO, OATH, Entra)
- Strong knowledge of malware detection and analysis (dynamic and light static)
- Strong knowledge of network and firewall logs, IDS/WAF, and web traffic logs
- Strong knowledge of email security and BEC attack methodologies
- Strong knowledge of Windows and Unix forensic artifacts (registry, wtmp/btmp, etc.)
- Strong knowledge of Windows PE and malicious document analysis
- Strong knowledge of legitimate and malicious remote access methods
- Strong knowledge of O365 attack paths and common adversary techniques
- Strong knowledge of network metadata and commonly abused protocols
- Strong knowledge of credential harvesting tools and methodologies
- Experience in intrusion analysis, incident response, digital forensics, penetration testing, or similar fields
- 3+ years of hands-on SOC/TOC/NOC experience
- GIAC certification(s) strongly preferred
- Additional certifications such as CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, MCSE
- Familiarity with tools such as Microsoft Sentinel, Splunk, the Microsoft Defender suite, CrowdStrike Falcon, and SentinelOne
- Familiarity with GPO, LANDesk, or other IT infrastructure tools
- Experience with one or more programming languages (JavaScript, Python, Lua, Ruby, Go, Rust)

Company Overview

BlueVoyant provides advanced threat intelligence, managed security services, and cybersecurity consulting to businesses and organizations. It was founded in 2017 and is headquartered in New York, New York, USA, with a workforce of 501-1000 employees. Its website is https://www.bluevoyant.com.