[Remote] SOC Security Analyst L2
Note: This is a remote position open to candidates in the USA. BlueVoyant is seeking a Security Operations Center (SOC) Security Analyst L2 to help global customers manage and improve their cybersecurity posture. You will work in a fast-paced environment focused on minimizing the impact of security incidents and ensuring critical business operations remain uninterrupted.
Responsibilities
• Monitor and analyze security events and alerts from SIEM platforms, endpoint logs, network telemetry, and EDR tools
• Research indicators of compromise (IOCs) and malicious activity to determine reputation and risk
• Conduct malware analysis, attacker infrastructure investigation, and forensic analysis
• Execute complex investigations and declare incidents when appropriate
• Perform live response and remote forensics on compromised endpoints
• Conduct threat hunting activities based on behavioral anomalies and curated intelligence
• Participate in and support incident response, investigation, and documentation
• Collaborate closely with BlueVoyant Incident Response teams during active intrusions
• Ensure events are accurately identified, analyzed, escalated, and documented
• Identify and tune false positives and benign detections
• Perform peer reviews and QA checks on junior analysts’ investigations
• Mentor lower-level analysts and act as the technical escalation point
• Communicate regularly with clients regarding incidents, findings, and remediation steps
• Support Customer Success teams during client engagements as required
• Assist in improving security policies, procedures, tooling, and automation
Skills
• Ability to remain calm and effective in high-pressure security incident situations
• Ability to work directly with customers to gather requirements and provide feedback on security services
• Strong written and verbal communication skills with the ability to translate complex technical concepts into clear, understandable language
• Strong teamwork and interpersonal skills; comfortable working with a globally distributed team
• Willingness and ability to work a 24/7/365 rotating shift schedule
• Experience using SIEM solutions, Cloud App Security tools, and EDR platforms
• Advanced understanding of network protocols and network telemetry
• Knowledge of Windows and Unix forensic artifacts and analysis methods
• Expertise in endpoint, web, and authentication log analysis
• Experience creating SIEM/EDR detections
• Experience responding to modern authentication attacks (AD, Entra, OAuth, etc.)
• Deep knowledge of common attack paths, including LOLBins, adversary tools, BEC attacks, AiTM, and lateral movement techniques
• Strong knowledge of SIEM workflows (preferably Microsoft Sentinel or Splunk)
• Strong knowledge of modern authentication systems and attacks (SSO, OAuth, Entra)
• Strong knowledge of malware detection and analysis (dynamic and light static)
• Strong knowledge of network and firewall logs, IDS/WAF, web traffic logs
• Strong knowledge of email security and BEC attack methodologies
• Strong knowledge of Windows and Unix forensic artifacts (registry, wtmp/btmp, etc.)
• Strong knowledge of Windows PE and malicious document analysis
• Strong knowledge of legitimate and malicious remote access methods
• Strong knowledge of O365 attack paths and common adversary techniques
• Strong knowledge of network metadata and commonly abused protocols
• Strong knowledge of credential harvesting tools and methodologies
• Experience countering ransomware threat actors
• Experience in intrusion analysis, incident response, digital forensics, penetration testing, or similar fields
• 3+ years of hands-on SOC/TOC/NOC experience
• GIAC certification(s) strongly preferred
• Additional certifications such as CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, MCSE
• Familiarity with tools such as Microsoft Sentinel, Splunk, Microsoft Defender suite, CrowdStrike Falcon, SentinelOne
• Familiarity with GPO, LANDesk, or other IT infrastructure tools
• Experience with one or more programming languages (JavaScript, Python, Lua, Ruby, Go, Rust)
Company Overview
• BlueVoyant provides advanced threat intelligence, managed security services, and cybersecurity consulting to businesses and organizations. It was founded in 2017, and is headquartered in New York, New York, USA, with a workforce of 501-1000 employees. Its website is https://www.bluevoyant.com.