Lead SOC Analyst, Incident Response

Recon InfoSec is seeking an experienced Lead SOC Analyst, Incident Response, to join our team. In this role, you won't just be reacting to alerts; you'll be at the forefront of shaping and leading our security operations strategy. This position is responsible for leading our response to complex incidents, driving the maturation of our incident response processes, and contributing significantly to the development of our approach to security operations. If you are passionate about taking on significant cybersecurity challenges, ready to lead and inspire a team, and keen on driving forward-thinking and collaborative security solutions, we invite you to elevate our team's capabilities and help us protect our customers against cyber threats.

Responsibilities

  • Lead and manage complex incident response engagements, ensuring effective coordination and communication across technical teams and stakeholders.

  • Design, mature, and implement advanced playbooks for triage, investigation, and response to cyber threats, with a focus on continuous improvement and automation.

  • Serve as a senior escalation point for challenging incidents, providing expert guidance and decision-making support to junior analysts and the broader SOC team.

  • Spearhead initiatives to enhance our incident response processes, leveraging the latest methodologies and technologies to increase efficiency and effectiveness.

  • Communicate complex security incidents and recommendations to customers and stakeholders, translating technical details into actionable intelligence.

  • Oversee the implementation and tuning of threat signatures, ensuring optimal performance and detection capabilities.

  • Lead, mentor, and develop junior analysts, fostering a culture of continuous learning and professional growth within the team.

  • Organize and direct SOC training programs, emphasizing advanced skills and readiness for incident response challenges.

Skills

  • Proven leadership and team management abilities.

  • Advanced knowledge and hands-on experience in incident response and cybersecurity operations.

  • Exceptional critical thinking, analytical skills, and attention to detail.

  • Excellent written and oral communication skills, with the ability to convey complex information clearly and persuasively.

  • Strong interpersonal and teamwork skills, with a demonstrated ability to collaborate effectively across diverse teams.

  • Strong understanding of Windows event logs and other investigation-relevant artifacts.

  • Experience performing digital forensics is a plus.

Requirements

  • 5+ years of experience in Security Operations, with significant experience in incident response and leadership roles.

  • Expertise in log management, SIEM, endpoint protection, and advanced security tools and technologies.

  • Availability for on-call duties, including nights, weekends, and holidays, to respond to high-priority incidents.

Competitive Applicants Will Have

  • Experience in a senior managed services or incident response role.

  • Proven track record in threat hunting and the development of innovative security solutions.

  • Familiarity with advanced tools and technologies, such as SOAR, Sigma, Sysmon, Thinkst, and OpenSearch/Elastic.

  • Comprehensive understanding of industry best practices, including HIPAA, PCI-DSS, NIST, and others.

  • Experience managing security operations for email platforms such as Azure/M365, Google Workspace, and Exchange.