SOC Security Analyst L2

Position: SOC Security Analyst L2
Location: Remote, US
Shift Requirement: : Wednesday to Saturday - Swing/Night Shift. Available options: (EST): 4pm-2am, 5pm-3am, 6pm-4am, 7pm-5am, 8pm-6am.
Work Authorization:  US Citizenship Required
 

• →Experience using SIEM solutions, Cloud App Security tools, and EDR platforms
• →Advanced understanding of network protocols and network telemetry 
• →Knowledge of Windows and Unix forensic artifacts and analysis methods 
• →Expertise in endpoint, web, and authentication log analysis 
• →Experience creating SIEM/EDR detections 
• →Experience responding to modern authentication attacks (AD, Entra, OATH, etc.) 
• →Deep knowledge of common attack paths, including LOLBins, adversary tools, BEC attacks, AiTM, and lateral movement techniques 
• →Strong knowledge of: 
• →SIEM workflows (preferably Microsoft Sentinel or Splunk) 
• →Modern authentication systems and attacks (SSO, OATH, Entra) 
• →Malware detection and analysis (dynamic and light static) 
• →Network and firewall logs, IDS/WAF, web traffic logs 
• →Email security and BEC attack methodologies 
• →Windows and Unix forensic artifacts (registry, wtmp/btmp, etc.) 
• →Windows PE and malicious document analysis 
• →Legitimate and malicious remote access methods 
• →O365 attack paths and common adversary techniques 
• →Network metadata and commonly abused protocols 
• →Credential harvesting tools and methodologies 
• →Experience countering ransomware threat actors (preferred) 

• Experience in intrusion analysis, incident response, digital forensics, penetration testing, or similar fields 
• 3+ years of hands-on SOC/TOC/NOC experience 
• GIAC certification(s) strongly preferred 
• Additional certifications such as CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, MCSE 
• Familiarity with tools such as Microsoft Sentinel, Splunk, Microsoft Defender suite, CrowdStrike Falcon, SentinelOne 
• Familiarity with GPO, LANDesk, or other IT infrastructure tools 
• Experience with one or more programming languages (JavaScript, Python, Lua, Ruby, Go, Rust) 

• Bachelor’s degree in Information Security, Computer Science, or related IT field, or equivalent experience 

About BlueVoyant

BlueVoyant is an AI-driven cybersecurity company dedicated to standing between our customers and cyber threats. By combining human, artificial, and proprietary intelligence, we deliver a unified solution that protects every organization’s network, identities, vendors, and digital footprints as a single attack surface. The company’s award-winning Microsoft Security expertise helps organizations maximize their security investments while reducing risk and ensuring compliance. 

Led by CEO, John Hernandez, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies. 

Founded in 2017 by Fortune 500 executives, including Chairman of the Board, Jim Rosenthal, Vice Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America and is committed to building a workplace where talented people are empowered to do their best work in the fight against global cyber threats.. 

Important Information for Applicants 

BlueVoyant uses AI-assisted tools within our applicant tracking system to help identify candidates whose experience and skills best match the requirements of a role. This technology provides hiring teams with added insights to support fair and efficient hiring decisions. All applications are reviewed by a member of our hiring team, and final hiring decisions are made by humans, not AI. By submitting your application, you acknowledge that AI tools may assist in the evaluation of your resume as part of the recruitment process. 

While we embrace the use of AI within our business and recruitment process, we do not permit its use during interviews. Any suspected use of AI during an interview will be challenged, and this may include the use of detection tools. 

For more information on how we process your personal data, please review our Candidate Privacy Notice available at https://www.bluevoyant.com/candidate-privacy-notice. 

All employees must be authorized to work in the United States of America.  BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. 

Disclaimer: Please note that pursuant to contractual requirements and applicable law, in order for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status.

As part of our interview process, we assess your experience through real-time discussion, so we expect responses to be your own. While we support the use of AI in our business, it is not permitted during interviews, and any suspected use may be challenged, including through detection methods.

BlueVoyant Candidate Privacy Notice

To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice