Principal Cybersecurity Analyst

Role Overview:

We are seeking a Principal Cyber Security Analyst to provide technical leadership within our Security Operations Center (SOC). In this role, you will serve as a hands-on expert in detecting, analyzing, and responding to cybersecurity threats. You will lead and coordinate major incident response efforts, set best practices for threat detection and investigation, and mentor senior and junior analysts across the SOC.

As a trusted security leader, you will collaborate closely with engineering, IT, risk, and business stakeholders to drive continuous improvements to the organization’s security posture, influence security strategy, and enhance detection and response capabilities

Key Responsibilities:

• Provide technical leadership for advanced threat detection, investigation and response within the SOC.
• Lead high-severity security incidents investigations, including malware analysis and enterprise-wide investigations.
• Drive real-time incident response, coordinating containment, remediation, and post-incident reviews.
• Design, optimize, and maintain detection use cases, monitoring rules, and alert tuning to improve SOC effectiveness.
• Perform deep analysis across networks, endpoints, and cloud environments to identify and mitigate security risks.
• Lead and support proactive threat-hunting initiatives and vulnerability mitigation efforts.
• Collaborate with IT, engineering, digital forensics, and external partners during incident response activities.
• Develop, standardize, and continuously improve SOC playbooks, procedures, and automation workflows.
• Mentor analysts, conduct training and incident response exercises, and perform quality reviews of investigations.
• Act as a subject matter expert, contributing to broader cybersecurity initiatives and continuous improvement programs.

Qualifications:

• 10+ years of progressive, hands-on experience in Security Operations, with deep expertise in SIEM and SOAR platforms within enterprise or large-scale SOC environments.
• Proven technical leadership in incident response, advanced threat detection, and security operations, including ownership of complex and high-impact security incidents.
• Expert-level experience with SIEM and SOAR technologies (e.g., Splunk, XSOAR), including detection engineering, use case development, and response automation.
• Strong scripting and automation capabilities using languages such as Python and PowerShell to enhance SOC efficiency and response maturity.
• In-depth knowledge of network and security protocols, firewalls, server and cloud environments, identity platforms (Active Directory, LDAP, Microsoft Entra ID), and modern attack techniques.
• Demonstrated experience in continuous security monitoring, vulnerability management, threat hunting, and adversary-based testing activities.
• Experience with Purple Team operations, detection validation, and/or OT security environments is highly desirable.

Certifications (Preferred):

CISSP, OffSec Defense Analyst (OSDA) GIAC Certified Incident Handler (GCIH), Certified SOC Analyst (CSA) or equivalent certifications.