IT Security – Sr. SOC Analyst

Citco | Makati | Full-time

This position calls for a Senior SOC Analyst with proven expertise in cybersecurity monitoring, threat detection, and incident response across complex enterprise environments. As a key member of Citco’s Computer Security Incident Response Team (CSIRT), the Senior SOC Analyst is responsible for leading the analysis of security events, proactively identifying and mitigating threats, and mentoring junior analysts within a 24x7x365 SOC environment.

The Senior SOC Analyst is expected to be highly proficient with modern security technologies and to have deep knowledge of adversary tactics, techniques, and procedures (TTPs). This role requires experience working across hybrid-cloud environments, supporting the incident handling lifecycle from detection through containment, eradication, and recovery.

Your Role:

  • Serve as an escalation point for complex or high-risk security incidents.
  • Lead end-to-end investigations involving malware, APTs, lateral movement, and insider threats.
  • Conduct proactive threat hunting across on-prem and cloud environments using SIEM, EDR, and threat intelligence tools.
  • Analyze logs, security telemetry, and packet captures across Windows, Linux, and network infrastructure.
  • Enhance detection content and use cases by tuning SIEM and EDR rules aligned to frameworks such as MITRE ATT&CK.
  • Develop, test, and maintain SOAR playbooks to improve investigation efficiency and automate response actions.
  • Contribute to post-incident reviews and root cause analyses, proposing hardening measures and lessons-learned initiatives.
  • Conduct periodic evaluations of alert fidelity, detection coverage, and SOC operational metrics.
  • Collaborate with IT, Engineering, and DevSecOps teams to validate threat findings, coordinate remediation, and improve preventative defenses.
  • Lead knowledge transfer sessions and create training material for junior SOC analysts.
  • Assist the SOC Manager in evaluating security tools and recommending operational improvements.
  • Maintain accurate and detailed documentation in the SOC’s case management system.
  • Stay current on emerging threats, adversary TTPs, and detection techniques.

About You:

  • 3–5+ years of experience in a 24x7 SOC, CSIRT, or cyber incident response role in a global enterprise.
  • Deep knowledge of SIEM, EDR and SOAR platforms and security automation tools.
  • Familiarity with threat intelligence standards (e.g., STIX/TAXII) and frameworks like MITRE ATT&CK.
  • Strong hands-on experience with forensic tools and utilities (e.g., Sysinternals, Wireshark).
  • Excellent verbal and written communication skills, especially for documentation, briefings, and reporting.
  • Critical thinking and problem-solving skills with a high attention to detail.
  • Comfortable working independently or collaboratively under pressure.
  • Preferred certifications: GCIH, GCIA, CEH, CySA+, or equivalent.
  • Willingness to work flexible hours including weekends, holidays, and on-call as needed.