[Remote] SOC Security Analyst L2

Note: The job is a remote job and is open to candidates in USA. BlueVoyant is seeking a Security Operations Center (SOC) Security Analyst L2 to help global customers manage and improve their cybersecurity posture. You will work in a fast-paced environment focused on minimizing the impact of security incidents and ensuring critical business operations remain uninterrupted.

Responsibilities
• Monitor and analyze security events and alerts from SIEM platforms, endpoint logs, network telemetry, and EDR tools
• Research indicators of compromise (IOCs) and malicious activity to determine reputation and risk
• Conduct malware analysis, attacker infrastructure investigation, and forensic analysis
• Execute complex investigations and declare incidents when appropriate
• Perform live response and remote forensics on compromised endpoints
• Conduct threat hunting activities based on behavioral anomalies and curated intelligence
• Participate in and support incident response, investigation, and documentation
• Collaborate closely with BlueVoyant Incident Response teams during active intrusions
• Ensure events are accurately identified, analyzed, escalated, and documented
• Identify and tune false positives and benign detections
• Perform peer reviews and QA checks on junior analysts’ investigations
• Mentor lower-level analysts and act as the technical escalation point
• Communicate regularly with clients regarding incidents, findings, and remediation steps
• Support Customer Success teams during client engagements as required
• Assist in improving security policies, procedures, tooling, and automation

Skills
• Ability to remain calm and effective in high-pressure security incident situations
• Ability to work directly with customers to gather requirements and provide feedback on security services
• Strong written and verbal communication skills with the ability to translate complex technical concepts into clear, understandable language
• Strong teamwork and interpersonal skills; comfortable working with a globally distributed team
• Willingness and ability to work a 24/7/365 rotating shift schedule
• Experience using SIEM solutions, Cloud App Security tools, and EDR platforms
• Advanced understanding of network protocols and network telemetry
• Knowledge of Windows and Unix forensic artifacts and analysis methods
• Expertise in endpoint, web, and authentication log analysis
• Experience creating SIEM/EDR detections
• Experience responding to modern authentication attacks (AD, Entra, OATH, etc.)
• Deep knowledge of common attack paths, including LOLBins, adversary tools, BEC attacks, AiTM, and lateral movement techniques
• Strong knowledge of SIEM workflows (preferably Microsoft Sentinel or Splunk)
• Strong knowledge of modern authentication systems and attacks (SSO, OATH, Entra)
• Strong knowledge of malware detection and analysis (dynamic and light static)
• Strong knowledge of network and firewall logs, IDS/WAF, web traffic logs
• Strong knowledge of email security and BEC attack methodologies
• Strong knowledge of Windows and Unix forensic artifacts (registry, wtmp/btmp, etc.)
• Strong knowledge of Windows PE and malicious document analysis
• Strong knowledge of legitimate and malicious remote access methods
• Strong knowledge of O365 attack paths and common adversary techniques
• Strong knowledge of network metadata and commonly abused protocols
• Strong knowledge of credential harvesting tools and methodologies
• Experience countering ransomware threat actors
• Experience in intrusion analysis, incident response, digital forensics, penetration testing, or similar fields
• 3+ years of hands-on SOC/TOC/NOC experience
• GIAC certification(s) strongly preferred
• Additional certifications such as CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, MCSE
• Familiarity with tools such as Microsoft Sentinel, Splunk, Microsoft Defender suite, CrowdStrike Falcon, SentinelOne
• Familiarity with GPO, LANDesk, or other IT infrastructure tools
• Experience with one or more programming languages (JavaScript, Python, Lua, Ruby, Go, Rust)

Company Overview
• BlueVoyant provides advanced threat intelligence, managed security services, and cybersecurity consulting to businesses and organizations. It was founded in 2017, and is headquartered in New York, New York, USA, with a workforce of 501-1000 employees. Its website is https://www.bluevoyant.com.

Apply Now

Apply Now

Ready to Apply?

Don't miss out on this amazing opportunity!