DevSecOps Professional.
Long-term Contract
100% Remote
Ideally someone who lives on the West Coast.
Rate: open (prefer 1099 or C2C)
Must have polished communications skills.
Summary
We are seeking a Senior Security Operations Center (SOC) Analyst to join our
global cybersecurity team. In this senior role, you will be a key player in protecting a leading
accounting and advisory firm, ensuring the security of our systems and client data across
audit, tax, and advisory services. You will lead advanced threat detection and incident
response efforts, help maintain compliance with financial regulations and uphold our
firm’s standards of professional excellence and integrity. The ideal candidate is an
experienced security analyst who can mentor junior team members, collaborate across
departments (IT, Internal Audit, Compliance, etc.), and drive continuous improvements in
our SOC processes and defenses.
Responsibilities
• Monitor & Analyze Threats: Continuously monitor security events and alerts from
SIEM, EDR, cloud security consoles, and other tools to identify potential incidents.
Perform in-depth analysis of suspicious activity across networks, endpoints, and
cloud environments, distinguishing false positives from real threats.
• Incident Response Leadership: Act as the incident lead for high-severity or
complex security incidents, coordinating containment, eradication, and recovery
efforts in line with established playbooks. Conduct thorough root cause analysis
and forensic investigation to determine the impact and prevent recurrence of
incidents.
• Threat Hunting & Intelligence: Proactively hunt for threats in the IT environment
using threat intelligence feeds and the MITRE ATT&CK framework to uncover latent
risks. Stay up-to-date with the latest attacker tactics and techniques, and adjust
monitoring use cases to address emerging threats.
• SOC Use Case Development: Develop and fine-tune detection rules, correlation
logic, and alerts within our SIEM and monitoring platforms. Define and maintain
SOC use cases and playbooks for incident triage and response, ensuring they align
with industry best practices and our risk profile.
• SOC Operations & Oversight: Oversee day-to-day SOC operations during your shift
or as needed, acting as the escalation point for Tier 1 and Tier 2 analysts. Ensure
alerts are handled efficiently and escalated appropriately, maintaining a high level
of vigilance across 24/7 operations.
• Mentorship & Team Development: Mentor and train junior SOC analysts,
reviewing their investigation reports and providing feedback to improve analysis
quality. Lead by example in documentation, alert handling, and adherence to
procedures, fostering a culture of continuous learning and teamwork within the
SOC.
• Cross-Team Collaboration: Work closely with cross-functional teams – including IT
Infrastructure, Network Engineering, Cloud Operations, Internal Audit, and
professional service lines – to remediate security issues and improve protective
measures. Provide security expertise in support of audits and assessments.
• Process Improvement & Automation: Identify opportunities to enhance SOC
workflows and response times. Leverage Security Orchestration, Automation, and
Response (SOAR) tools and scripting (Python, PowerShell, etc.) to automate
repetitive tasks, improve incident response efficiency, and reduce mean time to
response. Continuously refine SOC standard operating procedures to drive
operational excellence.
• Strategic Security Initiatives: Contribute to the broader cybersecurity strategy by
providing insights from the SOC. Recommend and help evaluate new security tools,
technologies, or practices (such as advanced EDR solutions or cloud security
enhancements) that could strengthen our security posture. Ensure
alignment of SOC activities with frameworks like NIST Cybersecurity Framework
(CSF) and the firm’s overall risk management approach.
Required Qualifications
• Education & Experience: Bachelor’s degree in Cybersecurity, Computer Science,
Information Systems or a related field (or equivalent work experience). 5+ years of
experience in information security operations, with at least 2–3 years in a SOC
analyst role handling incident detection and response (Tier 2/Level II or above).
• Technical Expertise: Hands-on experience with security monitoring tools and
technologies, including Security Information and Event Management (SIEM)
systems and Endpoint Detection and Response (EDR) platforms. Proficient in
analyzing logs and alerts from various sources (network devices, servers, cloud
services, etc.) to identify security incidents.
• Cloud Security Knowledge: Solid understanding of cloud computing environments
and security monitoring in Azure and/or AWS. Ability to use cloud-native security
services (e.g., Azure Security Center/Sentinel, AWS CloudWatch/GuardDuty) to
detect and respond to cloud-based threats.
• Incident Response Skills: Demonstrated ability to lead incident response
processes end-to-end – from initial triage and investigation to containment,
recovery, and root cause analysis. Familiarity with digital forensics techniques and
evidence handling in support of incident investigations.
• Programming/Automation: Experience with scripting or automation (such as
Python, PowerShell, or Bash) to streamline SOC tasks. Familiarity with SOAR
platforms and the ability to create playbooks or automated workflows to improve
response times and consistency.
• Frameworks & Methodologies: Working knowledge of key cybersecurity
frameworks and models. This includes understanding the MITRE ATT&CK framework
for adversary tactics/techniques and the NIST Cybersecurity Framework for
organizing and continuously improving security operations.
• Leadership & Communication: Excellent communication skills with the ability to
clearly document incident findings and present security issues to both technical
teams and non-technical stakeholders. Proven leadership capabilities in a SOC or
incident response team, including experience mentoring junior analysts and
coordinating team efforts.
• Analytical Mindset: Strong analytical and problem-solving skills. Able to work
under pressure during cyber incidents, think critically to quickly isolate problems,
and make informed decisions to mitigate threats while maintaining composure and
professionalism.
Preferred Qualifications
• Certifications: Professional security certifications such as CISSP or CISM that
demonstrate a broad and deep understanding of cybersecurity and incident
handling.
• Advanced Security Tools: Experience with additional security technologies and
practices, such as intrusion detection/prevention systems (IDS/IPS), data loss
prevention (DLP), identity and access management, or vulnerability management
programs. Experience tuning and optimizing these tools in a large enterprise is a
plus.
• Cloud & DevSecOps: Certification or advanced training in cloud security and
exposure to DevSecOps or secure cloud architecture. Hands-on experience
securing SaaS applications or working with container security/Kubernetes security
would be an advantage.
• Compliance & Frameworks: Familiarity with other security standards and
regulations such as PCI-DSS, HIPAA, ISO 27001, or NIST 800-53. Experience
participating in compliance audits or SOC 2 reporting for an organization is
beneficial.
• Industry Experience: Previous experience working in a large financial services firm,
or in an environment heavily focused on regulatory compliance and client data
protection. Understanding of how cybersecurity supports business functions like
audit, tax, and advisory services in a professional services context.