Senior Security Operations Center (SOC) Analyst
Position Summary
At Sentry, we are seeking a highly skilled Senior Security Operations Center (SOC) Analyst to join our Cyber Security team. The successful candidate will play a key role in monitoring, detecting, investigating, and responding to security incidents across hybrid and cloud-native environments. This position focuses on protecting cloud infrastructure, improving detection capabilities, leading complex incident investigations, and continuously enhancing the organization's security posture through threat hunting, detection engineering, and security automation.
The ideal candidate has extensive experience with SIEM technologies such as Elastic Security and Splunk, strong knowledge of cloud security, and the ability to investigate sophisticated threats across endpoints, identities, networks, and cloud workloads.
Key Responsibilities
- Monitor and investigate security events across cloud infrastructure, endpoints, identity platforms, and enterprise applications using Elastic Security, Splunk, Wazuh and other security monitoring tools.
- Lead the investigation, containment, eradication, and recovery of complex cybersecurity incidents.
- Perform proactive threat hunting using telemetry from cloud platforms, endpoints, identity providers, and network security controls.
- Develop, tune, and maintain SIEM detection rules, correlation searches, dashboards, and alerting logic to improve detection accuracy while reducing false positives.
- Create and optimize detection content aligned with the MITRE ATT&CK framework and current threat intelligence.
- Investigate cloud-specific security events, including identity compromise, privilege escalation, workload attacks, container security incidents, and cloud misconfigurations.
- Analyze authentication logs, API activity, network traffic, endpoint telemetry, and cloud audit logs to identify malicious activity and indicators of compromise.
- Collaborate with cloud, infrastructure, and DevOps teams to investigate and remediate security findings.
- Support incident response activities, including forensic data collection, evidence preservation, root cause analysis, and lessons learned.
- Develop and maintain SOC playbooks, investigation procedures, and operational documentation.
- Assist in integrating new log sources and security telemetry into SIEM platforms.
- Participate in purple team exercises, adversary emulation, and validation of detection capabilities.
- Mentor junior analysts and provide technical guidance during investigations.
- Contribute to continuous improvement initiatives across the SOC, including automation, workflow optimization, and detection engineering.
Required Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience.
- Minimum of 5 years of experience in a Security Operations Center (SOC), Incident Response, or Cybersecurity Operations role.
- Strong hands-on experience with Elastic Security and/or Splunk Enterprise Security.
- Experience investigating security incidents across cloud-native and hybrid environments.
- Strong understanding of cloud platforms, including AWS, Microsoft Azure, and/or Google Cloud Platform.
- Experience monitoring cloud audit logs such as AWS CloudTrail, Azure Activity Logs, Microsoft Entra ID logs, and Kubernetes audit logs.
- Strong knowledge of Windows, Linux, Active Directory, Microsoft Entra ID, networking, and identity security.
- Solid understanding of attack methodologies, adversary tactics, and the MITRE ATT&CK framework.
- Experience performing log analysis across operating systems, applications, cloud services, and network infrastructure.
- Proficiency in writing SIEM queries using Splunk SPL and Elasticsearch Query Language (ES|QL/KQL or Lucene syntax as applicable).
- Experience with scripting or automation using Python, PowerShell, or Bash.
- Strong analytical, troubleshooting, and communication skills.
Preferred Qualifications
- Experience securing Kubernetes, Docker, and containerized workloads.
- Experience with Infrastructure as Code (Terraform, CloudFormation, or ARM/Bicep).
- Familiarity with cloud security services such as AWS GuardDuty, Azure Defender, Microsoft Defender for Cloud, AWS Security Hub, or Google Security Command Center.
- Experience with SOAR platforms and security automation.
- Familiarity with CI/CD security, DevSecOps practices, and application security monitoring.
- Knowledge of threat intelligence platforms, IOC management, and malware analysis.
- Experience implementing detection-as-code methodologies.
What We Offer
- Competitive salary
- Comprehensive health coverage
- Flexible remote work and PTO
- Professional development support
Start Date
As soon as possible, upon completion of the selection process.
Employment Type
Full-time.
Application Process
Interested candidates should submit their CV, cover letter, and up to three professional references no later than 31 August 2026 at 11:59 PM.
Applications should be sent through the button below or to: careers@sentry.security
Please include the following subject line in your application email: “Senior Security Operations Center (SOC) Analyst–[Your Name]”
Sentry is an equal opportunity employer. We welcome applications from all qualified candidates who meet the role's requirements and are committed to ensuring a fair, inclusive, and respectful recruitment process.
