Jobs at Atlas Technica (Now Hiring) — 3 open

SOC Analyst

Position Name: SOC Analyst
Reports to: SOC Team Lead
Location/Type: Remote
Status: Hourly

Atlas Technica shoulders IT management, user support, and cybersecurity for hedge funds and other investment firms. We value ownership, execution, growth, intelligence, and camaraderie, and are looking for people who share these values while putting the customer first.

The SOC Analyst is a front-line security operations role focused on monitoring and triaging alerts, performing hands-on investigations, executing runbooks, and communicating clearly with internal teams and clients.

This role requires clear spoken and written English for professional communication across tickets, handoffs, investigations, and client/internal updates.

Key Responsibilities

• Alert monitoring and triage
• Serve as the primary front line for SOC security alerts during coverage hours.
• Monitor alerts from Microsoft Defender, Intune, DLP, Azure AD/Entra ID, and SIEM/SOC providers.
• Acknowledge, classify, and prioritize alerts based on severity, client impact, and defined SLAs.
• Execute runbook-driven triage steps (log collection, user verification, initial containment) and determine true/false positives.
• Investigation and response
• Investigate alerts using Defender portals, SIEM, activity logs, and audit trails.
• Correlate identity, endpoint, cloud, and network signals to build a clear incident narrative.
• Execute containment actions (account disable, password reset, endpoint isolation, firewall change requests) in line with runbooks and change control.
• Escalate incidents to senior SOC staff, NOC, engineering, or client teams based on defined criteria.
• Runbooks, ticketing, and communication
• Follow SOC runbooks precisely for common alert types and identify gaps or outdated steps based on real cases.
• Propose and document corrections or enhancements to runbooks with SOC leadership and SOC Engineers.
• Open and update tickets with clear, complete notes that reflect actions taken and current status.
• Use approved templates and guidelines when notifying internal teams and clients; maintain accurate, audit-ready records of alerts and incidents.
• Ensure smooth handoffs between NOC and SOC and across shifts.
• Write clear, professional English communications for ticket updates, incident notes, handoffs, and internal/client notifications using approved templates and standards
• Collaboration and support
• Work closely with NOC engineers to distinguish infrastructure vs. security issues and drive joint resolutions.
• Create and maintain tickets from vulnerability/exposure findings (e.g., Cavelo, Defender TVM) and track remediation with stakeholder teams.
• Provide incident and alert context to support client-facing security posture and risk reviews.
• Participate in shift handoffs and SOC ceremonies; engage in ongoing training on new threats, tools, and SOC procedures.

Requirements

• 1–2+ years of experience in IT and/or security operations (NOC, SOC, systems engineering, or equivalent).
• Professional proficiency in written and spoken English, including the ability to document investigations clearly and communicate effectively with technical and non-technical stakeholders.
• Practical experience with:
• Microsoft 365 and Azure (Exchange Online, SharePoint/OneDrive, Intune, Azure AD/Entra ID).
• Microsoft Defender stack (Endpoint, Identity, Office 365, Cloud Apps) and at least one SIEM platform.
• DLP, identity security (conditional access, MFA), and endpoint protection tools.
• Strong understanding of:
• Authentication and access control concepts (Azure AD, SSO, conditional access, MFA).
• Windows endpoint and server security fundamentals.
• Basic network security concepts (VPN, DNS, DHCP, firewalls, IDS/IPS).
• Ability to:
• Read and interpret security alerts, logs, and correlated events.
• Communicate clearly with both technical and non-technical stakeholders, including clients.
• Document incidents, runbooks, and processes in a clear, structured way.
• Demonstrated passion for security, strong ownership mindset, follow-through, and data-driven decision-making.

Desirable Qualifications

• Experience in a Managed Services Provider (MSP) or multi-tenant environment.
• Familiarity with Cavelo or other data discovery/exposure platforms.
• Experience with vulnerability management tools and frameworks (e.g., CIS, NIST).
• Security-related certifications such as Security+, AZ-500, SC-200, or equivalent.
• Experience supporting clients in the financial services or alternative investment industry.