STIGroup’s Managed Security Operations (MSO) team provides cybersecurity monitoring, detection, and incident response to organizations that rely on us to protect their most critical assets. We combine cutting-edge tools with a collaborative, client-focused culture to deliver trusted managed security services — and now we’re looking for a Tier 3 Senior SOC Analyst/Engineer to join us.

This role blends advanced incident response with SOC engineering. You’ll lead high-severity investigations, mentor junior analysts, and improve our detection pipelines through SIEM tuning, SOAR playbook development, and log source onboarding. It’s the ideal role for someone who thrives on dissecting attacker TTPs while also building the systems that stop them.

Please note: STIGroup is unable to offer employment sponsorship. Candidates must be eligible to work in the United States. 

What You’ll Do

Incident Response & Threat Detection

• • Lead  Incident Response investigations of complex incidents across Windows, Linux, and Mac environments.
  • Perform root cause analysis to uncover persistence mechanisms, lateral movement, and attacker TTPs.
  • Conduct malware triage and analysis (static and dynamic).
  • Review  Forensics artifacts such as memory, event logs, and registries.
  • Develop and tune detection logic within SIEM  platforms.
  • Guide containment and remediation alongside engineering teams.
  • Provide  Mentorship to Tier 1 and Tier 2 analysts, review escalations, and refine workflows.
  • Contribute to  Automation improvements (e.g., SOAR).
  • Produce incident reports and communicate findings to stakeholders and clients.

SOC Engineering & Tooling

• • Architect, maintain, and optimize SOC platforms (SIEM, EDR, vulnerability scanners, SOAR).
  • Onboard new customers and integrate log sources into the SOC environment.
  • Design, build, and deploy SOAR playbooks for triage and automated response.
  • Improve  Detection Engineering pipelines and troubleshoot ingestion gaps.
  • Maintain infrastructure documentation and detection repositories.
  • Drive  Automation and process improvements using scripting (Python, PowerShell, APIs).

What You'll Bring

• 4+ years in SOC analysis, incident response, or security engineering.
• Strong experience leading escalated incident response.
• Hands-on experience with leading SIEM and EDR platforms.
• Proficiency in malware analysis, network forensics, and detection engineering.
• Familiarity with MITRE ATT&CK and attacker tradecraft.
• Experience with forensic analysis tools and methodologies.
• Strong scripting and automation skills (Python, PowerShell, APIs).
• Excellent communication skills, including customer-facing reporting.
• Proven ability to mentor, collaborate, and peer review.
• Adaptability in a fast-paced, fully remote environment.
• Commitment to continuous learning and staying ahead of cyber threats.

Culture & Team

We’re a remote-first SOC that values collaboration, knowledge sharing, and continuous improvement. Our analysts are encouraged to experiment, mentor, and bring new detection ideas to the table. You won’t be siloed. You’ll be working directly with engineering, leadership, and clients to make a visible impact.

Benefits 

• Comprehensive medical, dental, and vision coverage
• 401(k) with company match
• Certification reimbursement and continuous training opportunities
• Flexible PTO and paid holidays
• Remote-first role with core collaboration hours in EST
• Opportunities to lead initiatives and directly shape SOC operations

Our Tools & Platforms

You’ll work with leading SIEM and EDR platforms, next-generation SOAR technology, and industry-standard vulnerability management and network security tools. Our environment blends enterprise-grade solutions with cutting-edge automation, giving you the opportunity to influence how we detect and respond to threats.