Jr. SOC Analyst

 Posted an hour ago
     
0-2 years experience

AI Summary

The Jr. SOC Analyst is responsible for monitoring security alerts, performing initial triage, and following runbooks to investigate potential threats. They execute low-risk containment actions and escalate incidents to senior analysts while maintaining detailed ticket documentation.

Position Name: Jr. SOC Analyst
Reports to: SOC Team Lead
Location/Type: Remote
Status: Hourly

Atlas Technica shoulders IT management, user support, and cybersecurity for hedge funds and other investment firms. We value ownership, execution, growth, intelligence, and camaraderie, and are looking for people who share these values while putting the customer first.

The Jr. SOC Analyst is an entry-level security operations role. The analyst primarily follows established runbooks, performs basic triage and investigations, and escalates appropriately, with a high focus on accuracy, documentation, and learning core SOC tools and workflows.

This role requires clear spoken and written English for professional communication across tickets, handoffs, investigations, and client/internal updates.

Key Responsibilities

  • Alert monitoring and triage
      • Monitor security alerts from Defender, Intune, Entra ID, and SIEM under supervision.
      • Acknowledge alerts, perform initial classification, and follow documented SLAs for routing/assignment.
      • Execute runbook-driven triage steps such as log collection, user contact, and simple containment checks; identify obvious false positives vs. potential true positives and escalate unclear cases.
  • Investigation and response
      • Use Defender portals, SIEM queries, and activity logs to gather evidence as directed by more senior analysts.
      • Execute low-risk containment actions (e.g., password reset, session sign-out) with approval and runbook guidance.
      • Escalate incidents promptly based on clear criteria to SOC Analysts, Senior SOC Analysts, NOC, or engineering.
  • Runbooks, ticketing, and communication
      • Follow SOC runbooks precisely and flag gaps or confusing steps for review.
      • Maintain accurate, complete ticket notes reflecting actions taken and status; use standard templates for internal updates.
      • Participate in shift handoffs; ensure clear communication of open items and pending investigations.
      • Maintain clear, accurate, and professional English in ticket notes, shift handoffs, internal updates, and basic client-facing communications.
  • Collaboration and support
      • Work closely with SOC engineers to distinguish infrastructure vs. security issues and drive joint resolutions.
      • Create and maintain tickets from vulnerability/exposure findings (e.g., Cavelo, Defender TVM) and track remediation with stakeholder teams.
      • Provide incident and alert context to support client-facing security posture and risk reviews.
      • Participate in shift handoffs and SOC ceremonies; engage in ongoing training on new threats, tools, and SOC procedures.

Requirements

  • ~1–2 years of IT or operations experience (NOC, helpdesk, junior SOC, or similar).
  • Some exposure to security alerts and tools is strongly preferred, though it does not need to be deep.
  • Professional proficiency in written and spoken English, including the ability to produce clear ticket notes, follow handoff standards, and communicate professionally with internal teams and clients.
  • Practical experience with:
      • Familiarity with Microsoft 365/Azure (Exchange Online, SharePoint/OneDrive, Intune, Azure AD/Entra ID).
      • Basic familiarity with Microsoft Defender and at least one SIEM from prior roles or training.
      • Understanding of fundamentals: auth/access control (MFA, conditional access), Windows endpoint/server security, and basic network security (VPN, DNS, DHCP, firewalls).
  • Ability to:
      • Read and interpret security alerts, logs, and correlated events, and escalate when uncertain.
      • Communicate clearly with both technical and non-technical stakeholders, including clients.
      • Document incidents, runbooks, and processes in a clear, structured way.
  • Demonstrated passion for security, strong ownership mindset, follow-through, and data-driven decision-making.

Desirable Qualifications

  • Experience in a Managed Services Provider (MSP) or multi-tenant environment.
  • Familiarity with Cavelo or other data discovery/exposure platforms.
  • Experience with vulnerability management tools and frameworks (e.g., CIS, NIST).
  • Security-related certifications such as Security+, AZ-500, SC-200, or equivalent.
  • Experience supporting clients in the financial services or alternative investment industry.
