Position: SOC Security Analyst L2
Location: Remote, US
Shift Requirement: : Wednesday to Saturday - Swing/Night Shift. Available options: (EST): 4pm-2am, 5pm-3am, 6pm-4am, 7pm-5am, 8pm-6am.
Work Authorization: US Citizenship Required
Summary:
BlueVoyant is seeking a Security Operations Center (SOC) Security Analyst L2 to help global customers manage and improve their cybersecurity posture. You will work in a fast-paced environment focused on minimizing the impact of security incidents and ensuring critical business operations remain uninterrupted.
As a senior analyst, you serve as the technical expert and escalation point for junior analysts. Your deep understanding of modern attacks, intrusion data analysis, and remediation techniques ensures that threats are identified, escalated, and remediated with urgency and precision. You will mentor junior team members, support customers directly, and contribute to ongoing process and technology improvements.
Key Responsibilities:
As a senior analyst, your primary responsibility is ensuring the safety and security of customer environments through expert analysis, escalation handling, and effective communication.
Monitor and analyze security events and alerts from SIEM platforms, endpoint logs, network telemetry, and EDR tools
Research indicators of compromise (IOCs) and malicious activity to determine reputation and risk
Conduct malware analysis, attacker infrastructure investigation, and forensic analysis
Execute complex investigations and declare incidents when appropriate Perform live response and remote forensics on compromised endpoints
Conduct threat hunting activities based on behavioral anomalies and curated intelligence
Participate in and support incident response, investigation, and documentation
Collaborate closely with BlueVoyant Incident Response teams during active intrusions
Ensure events are accurately identified, analyzed, escalated, and documented
Identify and tune false positives and benign detections
Perform peer reviews and QA checks on junior analysts’ investigations
Mentor lower-level analysts and act as the technical escalation point
Communicate regularly with clients regarding incidents, findings, and remediation steps
Support Customer Success teams during client engagements as required
Assist in improving security policies, procedures, tooling, and automation
Basic Qualifications:
People Skills
Ability to remain calm and effective in high-pressure security incident situations
Ability to work directly with customers to gather requirements and provide feedback on security services
Strong written and verbal communication skills with the ability to translate complex technical concepts into clear, understandable language
Strong teamwork and interpersonal skills; comfortable working with a globally distributed team
Willingness and ability to work a 24/7/365 rotating shift schedule
Technical Skills
Experience using SIEM solutions, Cloud App Security tools, and EDR platforms
Advanced understanding of network protocols and network telemetry
Knowledge of Windows and Unix forensic artifacts and analysis methods
Expertise in endpoint, web, and authentication log analysis
Experience creating SIEM/EDR detections
Experience responding to modern authentication attacks (AD, Entra, OATH, etc.)
Deep knowledge of common attack paths, including LOLBins, adversary tools, BEC attacks, AiTM, and lateral movement techniques
Strong knowledge of:
SIEM workflows (preferably Microsoft Sentinel or Splunk)
Modern authentication systems and attacks (SSO, OATH, Entra)
Malware detection and analysis (dynamic and light static)
Network and firewall logs, IDS/WAF, web traffic logs
Email security and BEC attack methodologies
Windows and Unix forensic artifacts (registry, wtmp/btmp, etc.)
Windows PE and malicious document analysis
Legitimate and malicious remote access methods
O365 attack paths and common adversary techniques
Network metadata and commonly abused protocols
Credential harvesting tools and methodologies
Experience countering ransomware threat actors (preferred)
Preferred Qualifications: ]
Experience in intrusion analysis, incident response, digital forensics, penetration testing, or similar fields
3+ years of hands-on SOC/TOC/NOC experience
GIAC certification(s) strongly preferred
Additional certifications such as CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, MCSE
Familiarity with tools such as Microsoft Sentinel, Splunk, Microsoft Defender suite, CrowdStrike Falcon, SentinelOne
Familiarity with GPO, LANDesk, or other IT infrastructure tools
Experience with one or more programming languages (JavaScript, Python, Lua, Ruby, Go, Rust)
Education
Bachelor’s degree in Information Security, Computer Science, or related IT field, or equivalent experience
About BlueVoyant
At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!
Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together
with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.
Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tulsa, San Francisco, Leeds, London, Cork, Budapest, Tel Aviv and Latin America.
All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
Disclaimer: Please note that pursuant to contractual requirements and applicable law, in order for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status.
Interview Expectations
As part of our interview process, we assess your experience through real-time discussion, so we expect responses to be your own. While we support the use of AI in our business, it is not permitted during interviews, and any suspected use may be challenged, including through detection methods.
BlueVoyant Candidate Privacy Notice
To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice