[Remote] Senior Security Operations Analyst
Note: This is a remote position open to candidates in the USA. NuHarbor Security is dedicated to enhancing cybersecurity for clients through a comprehensive suite of services. The Senior Security Operations Analyst will serve as a technical anchor, conducting investigations, producing documentation, and mentoring junior analysts while ensuring high-quality outcomes for client security needs.
Responsibilities
- Own investigations end-to-end from initial alert through root cause analysis, attack chain reconstruction, and client-ready written narrative
- Correlate across SIEM, EDR, and identity telemetry to identify what alerts missed, not just what they flagged
- Self-assign to difficult, ambiguous, or high-priority work without requiring direction, including work that falls outside defined lanes
- Support the Security Analyst team with alert triage, classification, disposition, and escalation within SLA requirements
- Identify and communicate security gaps and mitigations in the context of client environments
- Communicate proactively with the Security Operations Manager on active threats, escalations, and items requiring leadership visibility
- Facilitate client-facing meetings including incident briefings, escalation reviews, and threat landscape discussions
- Produce ticket documentation that requires no editorial cleanup; every ticket must include an evidence trail, analyst reasoning, disposition rationale, and a plain-language client summary
- Remain current on emerging threats, CVEs, and attacker techniques relevant to client environments
- Support the onboarding of new clients onto NuHarbor Security Services and Platforms
- Train, mentor, and support junior analysts, including structured coaching on investigation methodology, documentation standards, and client communication
- Review escalations to clients from junior analysts prior to client delivery, ensuring investigative completeness and documentation quality
- Develop and refine automation playbooks to reduce alert volume and improve analyst workflow
- Contribute tuning feedback, noise identification, and alert fidelity assessments to the Detection Engineering program, in coordination with DE leadership
- Develop recommendations and enhancements to mature a client’s cybersecurity program
- Coordinate with NuHarbor clients and internal stakeholders during and after incident response activities
Skills
- Bachelor's Degree and five (5) years of experience. Experience should be in a cybersecurity field and should include relevant industry certifications
- In lieu of a degree, two (2) years of experience in a related technology field and relevant industry certifications are required
- Demonstrated experience with SOC operations, executing security event triaging and tuning
- Demonstrated experience writing runbooks and support procedures
- Demonstrated experience executing Monitoring and Response across multiple phases (containment, eradication, and recovery) in a SOC or MSSP environment
- Demonstrated experience with security event triaging and threat hunting executed through both a SIEM and EDR toolset
- Hands-on experience with at least two of the following Endpoint Detection and Response (EDR) and Security Orchestration, Automation and Response (SOAR) solutions: CrowdStrike, Microsoft Defender, Microsoft Sentinel, Splunk Enterprise Security
- Demonstrated experience with scripting in at least one language (Python, PowerShell, or equivalent) in a manner that supports automation solutions
- Excellent written and verbal communication skills
- Previous experience in technical support or security-focused role
- Willing and able to work Sunday - Thursday, 8:30am - 5:00pm
- Must be authorized to work within the United States
- Bachelor's Degree and seven (7) or more years of experience in cybersecurity with progressive responsibility in SOC, MDR, or MSSP environment
- Holds at least two relevant industry certifications (GCFA, GCIH, CEH, CISSP, etc.)
- Demonstrated experience communicating and presenting to executive level client stakeholders
- Technical writing and reporting experience
- Experience executing initial triaging and response through a SOAR platform
- Experience with multiple operating systems (Linux, MacOS, Windows), their command lines, processes, and file systems
- Experience with memory and storage forensics
- Experience with static and dynamic malware analysis
- Demonstrated ability to translate complex technical findings into clear, business-relevant narratives for non-technical audiences
- Experience with data science techniques (clustering, anomaly detection, data normalization, etc.)
- General systems administrator experience
- Fluency with the MITRE ATT&CK framework as an active investigation and communication tool
- Experience working in multiple cybersecurity disciplines (e.g. Penetration Testing, Threat, Information Assurance, Engineering, etc.)
Benefits
- Paid time to give back in your community
- Generous PTO
Company Overview