SOC Analyst

SOC Analyst

Position Name: SOC Analyst
Reports to: SOC Team Lead
Location/Type: Remote
Status: Hourly

Atlas Technica shoulders IT management user support and cybersecurity for hedge funds and other investment firms. We value ownership execution growth intelligence and camaraderie and are looking for people who share these values while putting the customer first.

The SOC Analyst is a front-line security operations role focused on monitoring and triaging alerts performing hands-on investigations executing runbooks and communicating clearly with internal teams and clients.

This role requires clear spoken and written English for professional communication across tickets handoffs investigations and client/internal updates.

Key Responsibilities

• Alert monitoring and triage

• Serve as the primary front line for SOC security alerts during coverage hours.

• Monitor alerts from Microsoft Defender Intune DLP Azure AD/Entra ID and SIEM/SOC providers.

• Acknowledge classify and prioritize alerts based on severity client impact and defined SLAs.

• Execute runbook-driven triage steps (log collection user verification initial containment) and determine true/false positives.

• Investigation and response

• Investigate alerts using Defender portals SIEM activity logs and audit trails.

• Correlate identity endpoint cloud and network signals to build a clear incident narrative.

• Execute containment actions (account disable password reset endpoint isolation firewall change requests) in line with runbooks and change control.

• Escalate incidents to senior SOC staff NOC engineering or client teams based on defined criteria.

• Runbooks ticketing and communication

• Follow SOC runbooks precisely for common alert types and identify gaps or outdated steps based on real cases.

• Propose and document corrections or enhancements to runbooks with SOC leadership and SOC Engineers.

• Open and update tickets with clear complete notes that reflect actions taken and current status.

• Use approved templates and guidelines when notifying internal teams and clients; maintain accurate audit-ready records of alerts and incidents.

• Ensure smooth handoffs between NOC and SOC and across shifts.

• Write clear professional English communications for ticket updates incident notes handoffs and internal/client notifications using approved templates and standards

• Collaboration and support

• Work closely with NOC engineers to distinguish infrastructure vs. security issues and drive joint resolutions.

• Create and maintain tickets from vulnerability/exposure findings (e.g. Cavelo Defender TVM) and track remediation with stakeholder teams.

• Provide incident and alert context to support client-facing security posture and risk reviews.

• Participate in shift handoffs and SOC ceremonies; engage in ongoing training on new threats tools and SOC procedures.

Requirements

• 12 years of experience in IT and/or security operations (NOC SOC systems engineering or equivalent).

• Professional proficiency in written and spoken English including the ability to document investigations clearly and communicate effectively with technical and non-technical stakeholders.

• Practical experience with:

• Microsoft 365 and Azure (Exchange Online SharePoint/OneDrive Intune Azure AD/Entra ID).

• Microsoft Defender stack (Endpoint Identity Office 365 Cloud Apps) and at least one SIEM platform.

• DLP identity security (conditional access MFA) and endpoint protection tools.

• Strong understanding of:

• Authentication and access control concepts (Azure AD SSO conditional access MFA).

• Windows endpoint and server security fundamentals.

• Basic network security concepts (VPN DNS DHCP firewalls IDS/IPS).

• Ability to:

• Read and interpret security alerts logs and correlated events.

• Communicate clearly with both technical and non-technical stakeholders including clients.

• Document incidents runbooks and processes in a clear structured way.

• Demonstrated passion for security strong ownership mindset follow-through and data-driven decision-making.

Desirable Qualifications

• Experience in a Managed Services Provider (MSP) or multi-tenant environment.

• Familiarity with Cavelo or other data discovery/exposure platforms.

• Experience with vulnerability management tools and frameworks (e.g. CIS NIST).

• Security-related certifications such as Security AZ-500 SC-200 or equivalent.

• Experience supporting clients in the financial services or alternative investment industry.