We are seeking a highly skilled and experienced Senior SOC Analyst to join our
Security Operations Center. This role is pivotal in defending enterprise assets
against advanced threats through proactive monitoring, threat hunting, and
incident response. The ideal candidate will have deep expertise in CrowdStrike
Falcon, Microsoft Sentinel, and a strong understanding of network and operating
system internals across Windows, Linux, and macOS. Experience in cloud incident
investigations (Azure, AWS, GCP) is essential.
Department: Security Operations. Reports To: Director, Security Operations
What You’ll Do
Threat Detection & Response
- Monitor and triage alerts from CrowdStrike Falcon and Microsoft Sentinel.
- Lead investigations into endpoint and network security incidents including
malware, privilege escalation, lateral movement, and data exfiltration.
- Execute containment and remediation strategies for identified threats.
Threat Hunting & Analysis
- Conduct proactive threat hunts using CrowdStrike telemetry and threat
intelligence.
- Perform forensic analysis of compromised systems and malware samples.
- Analyze network logs and packet captures to identify anomalies and attacker
behavior.
Cloud Security & Incident Investigations
- Investigate cloud-based incidents across Azure, AWS, and GCP environments.
- Assess cloud logging readiness and ensure audit trails are complete and
actionable.
- Collaborate with cloud operations teams to improve detection and response
capabilities.
Process Improvement & Automation
- Develop and refine playbooks, runbooks, and standard operating procedures.
- Tune SIEM rules and EDR policies to reduce false positives and improve
alert fidelity.
- Participate in red/blue team exercises and contribute to continuous SOC
maturity.
Collaboration & Leadership
- Serve as an escalation point for Tier 1 and Tier 2 analysts.
- Mentor junior SOC staff and contribute to team knowledge sharing.
- Interface with threat intelligence, incident response, and executive
stakeholders.
Preferred Experience
- 4–7 years of experience in a SOC or cybersecurity analyst role.
- Expert-level proficiency with CrowdStrike Falcon and Microsoft Defender.
- Strong understanding of MITRE ATT&CK, malware behaviors, and incident
response.
- Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, Elastic).
- Deep knowledge of Windows, Linux, and macOS internals.
- Proficiency in scripting (Python, PowerShell) and log analysis.
- Excellent written and verbal communication skills.
Preferred Certifications
- CrowdStrike Certified Falcon Responder (CCFR)
- CrowdStrike Certified Falcon Administrator (CCFA)
- GIAC (GCIA, GCIH), CySA+, or equivalent
Education
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or
equivalent experience.
The pay range
The base pay offered is determined by the market location and may vary depending
on job-related knowledge, skills, experience, and internal equity. As part of
our total rewards offering, permanent employees in this position may be eligible
for our annual bonus program.
Why Work For Us
You’re resilient and passionate about securing the Work from Anywhere era. So
are we.
We’re in search of the best and the brightest – everyone from innovators,
sellers and marketers to financers, operators and especially customer
relationship managers – we’re looking for top tier talent to help us shape the
next decade of security, drive innovation that enables customers with truly
disruptive solutions and are dedicated to making a meaningful difference.
Headquartered in Seattle, Washington, with international offices in Vancouver,
BC; Austin, TX; Ankeny, IA; Reading, UK; and Ho Chi Minh City, Vietnam,
Absolute Security accelerates customers’ shift to work-from-anywhere through the
industry’s first self-healing Zero Trust platform, ensuring maximum security and
uncompromised productivity. Only Absolute is embedded in more than half a
billion devices, offering a permanent digital connection that intelligently and
dynamically applies visibility, control and self-healing capabilities to
endpoints, applications, and network access to ensure their cyber resilience
tailored for distributed workforces.
Our vision is to be the world’s most trusted security company – and to empower
end users to connect securely and from anywhere, to all the applications they
need to collaborate and get their work done, without interruptions and with an
optimal network experience. Absolute currently serves approximately 16,000
customers with more than 13 million activated endpoints globally. G2 Recognized
Absolute as a Leader in the Summer 2025 Endpoint Management and Zero Trust
Networking Grid Reports, reflecting our continued customer satisfaction across
product lines. To learn more about Absolute, visit our website
at www.absolute.com [http://www.absolute.com/] or visit our YouTube channel
[https://www.youtube.com/user/AbsoluteSoftware]