Extend
Senior Security Operations Analyst
operations | full-time | Remote, US
Salary: Not listed
Work type: remote
Job type: full-time
Industry: general
About the role
What You'll Do:
- Serve as a core member of Security Operations, monitoring and triaging alerts from platforms such as SentinelOne and Wiz. Perform end-to-end investigations to identify, contain, and remediate threats and incidents, driving timely, appropriate response.
- Proactively identify and assess vulnerabilities in infrastructure and code, working with development and other cross-functional teams to address issues.
- Contribute to the end-to-end detection lifecycle: model attacker behaviors (MITRE ATT&CK), write and test detections as code across security programs and tooling (SentinelOne, Wiz, Okta, AWS CloudTrail), and continuously enrich to reduce false positives and improve MTTD. Support data quality and telemetry onboarding, maintain response playbooks, and provide threat validation assistance across the business.
- Assist teams with the application of secure configuration baselines and best practices in accordance with CIS Benchmarks, NIST, vendor hardening guides, and applicable compliance standards across all company computing assets.
- Correlate endpoint and infrastructure telemetry to identify emerging threats. Curate and operationalize intelligence (IOCs, TTPs) into detections and response playbooks, and maintain vetted intelligence feeds.
- Assist GRC initiatives by mapping controls to internal policies and frameworks (e.g., SOC 2, NIST CSF, NYC DFS 500), identifying gaps, supporting audits and evidence collection, tracking remediation, and maintaining policies and control documentation.
- Work with engineering and business teams to champion security best practices, communicate risks to accountable owners, and assist with mitigation planning and execution.
What We Are Looking For:
- 3+ years of experience in a Security Analyst / Security Operations role
- 3+ years of experience with AWS CloudFormation or other infrastructure-as-code systems (like Terraform)
- 3+ years of experience or certification in AWS serverless technologies (API Gateway, Lambda, S3, DynamoDB)
- Certifications (one or more preferred): CISSP, CCSP, GIAC (GCIH/GCIA/GMON/GCED/GCFA/GREM), cloud security (AWS or cloud agnostic security specialty) or equivalent experience.
- Proficiency with hands-on management and use of SIEM, CNAPP, EDR, and Vulnerability Management tooling, and with Detection Engineering strategies.
- Proficiency with AI technologies, the corresponding threat landscape, and strategies for mitigation. Understanding of agentic workflows such as AWS Bedrock and MCP-based workflows (or similar technologies).
- Working knowledge of best practices around security roles and responsibilities for AWS IAM
- Experience working with observability services and tooling (including Coralogix, CloudWatch, O)