- Professional
- Optional office in Reading
SOC Analyst I – Splunk/SIEM Focused
The SOC Analyst I is a critical member of Boscov’s Security Operations Center (SOC), with a primary focus on advanced Splunk (SIEM) detection engineering, log analysis, and incident investigation. This role goes beyond basic alert triage: our SOC Analyst I is expected to proactively hunt for threats, engineer new detections, and drive improvements in visibility and response capabilities.
The analyst will create and optimize Splunk SPL queries, correlation rules, and dashboards to detect emerging threats, while also ensuring new log sources are onboarded and integrated into SOC processes. This role requires strong analytical skills to investigate complex security events, identify root causes, and provide actionable recommendations.
Key Responsibilities
Splunk / SIEM Focus (Core Duties)
- Develop, tune, and maintain SPL queries, correlation rules, and dashboards to detect evolving threats.
- Perform deep log analysis to uncover hidden patterns, anomalies, and potential attack indicators.
- Identify gaps in visibility and work with security engineers to onboard and validate new log sources.
- Integrate Splunk detections into Jira for efficient ticketing, case tracking, and incident resolution.
- Continuously refine alerts to reduce false positives and improve detection quality.
- Map detections to MITRE ATT&CK to ensure comprehensive coverage of tactics and techniques.
- Document use cases, detection logic, and investigation steps for the SOC knowledge base.
SOC Operations & Analysis
- Act as a first- and second-level responder for security incidents, performing in-depth investigations.
- Analyze phishing reports and campaigns, improving playbooks for recurring attack patterns.
- Investigate endpoint security alerts, malware detections, and suspicious user activity.
- Assist with vulnerability monitoring and prioritization in collaboration with IT teams.
- Conduct root cause analysis for incidents, escalating complex cases to senior analysts when required.
- Participate in threat hunting activities to proactively search for adversary activity in logs and systems.
- Provide clear and timely communications during incidents, including updates, findings, and recommendations.
Continuous Improvement & Growth
- Stay current with emerging threats, attack techniques, and industry detection best practices.
- Research and propose new detection strategies, SIEM enhancements, and process improvements.
- Contribute to team playbooks, knowledge base, and training material.
- Collaborate with peers to improve overall SOC efficiency and detection coverage.
- Participate in security training and tabletop exercises to continue skill development.
Qualifications
- 2–4 years of experience in a SOC, security monitoring, or detection engineering role.
- Strong hands-on experience with Splunk, including SPL query development, alert tuning, and dashboard creation.
- Solid understanding of log analysis, SIEM tuning, and incident response workflows.
- Demonstrated ability to investigate complex security alerts and provide root cause analysis.
- Familiarity with common attack vectors (phishing, malware, lateral movement, privilege escalation).
- Strong analytical skills with attention to detail.
- Excellent communication skills for both technical and non-technical audiences.
Preferred:
- Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin).
- Experience with Jira or other SOC ticketing/integration platforms.
- Familiarity with the MITRE ATT&CK framework for detection engineering.
- Security certifications such as CompTIA Security+, GSEC, or similar.
- Experience with scripting/automation (Python, PowerShell, etc.) is a plus.
Benefits
At Boscov’s, we value our employees, and that’s why we provide a competitive compensation and benefits package. As a Full-Time member of our IT team, you will be eligible to receive:
- Comprehensive benefits package, including medical/dental/vision
- Short-term disability / long-term disability (voluntary)
- Life Insurance (company paid)
- 401(k) w/ company match
- Weekly Pay
- Paid vacation
- Liberal employee discount
Work where people love to shop!
Equal Opportunity Employer