Security Operations Analyst (mid level)
Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.

Job Overview

As a SecOps Analyst at Saronic, you'll be on the front line of our detection and response operations, triaging and investigating security alerts across endpoint, cloud, identity, network, and SaaS telemetry using our SIEM and XDR platforms. You'll run root cause analysis on real events, lead initial response for mid-tier incidents (contain, eradicate, recover), and tune detections to cut down on noise and sharpen what actually matters. Beyond the day-to-day, you'll join the on-call rotation, run targeted threat hunts to catch what automation misses, help build out our playbooks and runbooks, and contribute to post-incident reviews that turn gaps into real improvements. This is an early, formative role on a SecOps team being built from the ground up, so you'll have a direct hand in shaping how we operate, with room to grow across security domains rather than being boxed into one lane.

Responsibilities

Detection & Alert Operations
- Monitor and triage security alerts across endpoint, cloud, identity, network, and SaaS telemetry using enterprise SIEM and XDR platforms
- Perform in-depth alert investigation and root cause analysis, documenting findings with clear, structured timelines and impact assessments
- Tune detections to reduce false positive noise and improve signal fidelity; contribute to detection-as-code pipelines using structured query languages
- Operate across multiple detection and visibility platforms as part of a maturing, layered security monitoring ecosystem

Incident Response & Investigation
- Lead initial incident response for mid-tier events: contain, eradicate, and recover across endpoint, cloud, and identity domains
- Participate in the on-call incident rotation and effectively communicate status and findings to the SecOps Lead and relevant stakeholders
- Conduct post-incident reviews, identifying gaps in detection, response, and containment and translating them into actionable improvements
- Coordinate with Security Engineering and IT during active incidents to accelerate response and reduce dwell time

SecOps Foundation & Enablement
- Support the SecOps Lead in developing and refining response playbooks, runbooks, and analyst workflow documentation
- Conduct targeted threat hunting operations to identify attacker activity not surfaced by automated detections
- Contribute to SecOps metrics tracking, reporting, and operational readiness reviews
- Help onboard and mentor junior analysts as the team grows, serving as a technical resource and process guide

Qualifications
- 3+ years of hands-on experience in a Security Operations, detection engineering, or incident response role
- Demonstrated experience triaging and investigating alerts across at least two of the following: endpoint, cloud, identity, network, or SaaS environments
- Hands-on proficiency with enterprise SIEM platforms and their query languages; ability to write and iterate on detection logic from scratch
- Experience with EDR tooling in an operational context; ability to hunt, triage, and respond using endpoint telemetry
- Solid understanding of attacker TTPs mapped to MITRE ATT&CK, and the ability to apply that knowledge during active investigations
- Experience writing or iterating on detection logic, response playbooks, or SOC operational documentation
- Scripting proficiency in Python, PowerShell, or Bash for alert enrichment, automation, or triage support
- Strong understanding of network fundamentals: TCP/IP, DNS, firewall and proxy logs, and lateral movement patterns
- Clear and structured written and verbal communication: you can brief a non-technical stakeholder and write a thorough incident report
- Ownership mindset: you follow incidents through to closure and flag what needs to be fixed, not just what needs to be documented
- Security Clearance eligible

Preferred Qualifications
- Experience with XDR platforms and cross-domain correlated detection across endpoint, identity, and cloud
- Familiarity with cloud-native security operations and log sources in AWS or Azure environments
- Experience with SOAR platforms or building response automation workflows
- Exposure to supply chain and CI/CD pipeline security monitoring
- Familiarity with data lake-based or pipeline-driven detection architectures
- Experience operating in or supporting classified, GovCloud, or FedRAMP environments
- Background in defense, aerospace, robotics, or other high-assurance operational environments
- Familiarity with compliance frameworks such as NIST SP 800-171, NIST SP 800-53, or CMMC
- Relevant certifications: GIAC GCIH, GCIA, GCFE, BTL1/2, CySA+, OSCP, or equivalent
- Active security clearance or prior clearance history is a strong differentiator

Physical Demands
- Prolonged periods of sitting at a desk and working on a computer
- Occasional standing and walking within the office
- Manual dexterity to operate a computer keyboard, mouse, and other office equipment
- Visual acuity to read screens, documents, and reports
- Occasional reaching, bending, or stooping to access file drawers, cabinets, or office supplies
- Lifting and carrying items up to 20 pounds occasionally (e.g., office supplies, packages)

Benefits
- Medical Insurance: Comprehensive health insurance plans covering a range of services. Saronic pays 100% of the premium for employees and 80% for dependents
- Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care. Saronic pays 100% of the premium under the basic plan for employees and 80% for dependents
- Time Off: Generous PTO and holidays
- Parental Leave: Paid maternity and paternity leave to support new parents
- Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
- Retirement Plan: 401(k) plan with company match
- Stock Options: Equity options to give employees a stake in the company's success
- Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
- Pet Insurance: Discounted pet insurance options including 24/7 Telehealth helpline
- Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office

Saronic CCPA Notice for Candidates and California Employees

If this role is based in the United States, it requires access to export-controlled information or items that require "U.S. Person" status. As defined by U.S. law, individuals who are any one of the following are considered to be a "U.S. Person": (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in 8 U.S.C. 1324b(a)(3).

Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits. We are also committed to providing