
Lead SOC Analyst

RSM US LLP

Baltimore · flexible · Full-time · Lead · posted 1mo ago

About the role

At RSM, a leading provider of professional services to the middle market globally, our mission is to instill confidence in a world of change. We empower our clients and people to realize their full potential, supported by a remarkable culture and exceptional talent experience. Join us in an environment that inspires and enables you to thrive both personally and professionally.

As a Lead SOC Analyst within RSM Defense, you will take ownership of high-severity security investigations and influence the SOC's technical direction in our growing managed security services environment. You will lead comprehensive incident analyses, validate adversary behavior, and deliver clear containment and remediation guidance tailored to our diverse client organizations. Your role will also entail driving detection engineering and response automation through the identification of content gaps and operational improvements.

Key Responsibilities:

Advanced Investigation, Incident Handling & Incident Response

  • Lead high-severity investigations across endpoint, network, cloud, and identity telemetry.
  • Conduct root cause analysis and reconstruct incident timelines, mapping observed adversary behavior to MITRE ATT&CK techniques.
  • Act as the primary technical point of contact during escalated incidents, presenting clear findings and actionable remediation steps to leadership and clients.
  • Create After-Action Reports (AARs) and document lessons learned to enhance tooling and detection capabilities.

Detection Engineering & Content Support

  • Identify detection gaps and collaborate with Detection Engineering to develop and refine detection content.
  • Validate new detection implementations before deployment, ensuring quality through production telemetry feedback.

SOAR Automation & Workflow Optimization

  • Use SOAR platforms to automate enrichment, triage, and response actions.
  • Propose workflow improvements that reduce mean time to resolution (MTTR), based on recurring case patterns.
  • Ensure new automation logic aligns with SOC escalation policies prior to launch.
  • Collaborate with engineering teams to integrate additional enrichment sources and AI-driven analysis methodologies.

AI, Machine Learning & Prompt Engineering

  • Leverage AI-powered tools to assist in case triage and investigation processes.
  • Develop and maintain effective prompt templates for SOC use cases.
  • Assess the accuracy of AI-generated outputs and create quality assurance steps to mitigate misleading results.
  • Explore opportunities to enhance detection and response workflows with AI agent integration.
  • Provide feedback regarding automation and model integration to engineering teams.

Threat Hunting & Proactive Analysis

  • Engage in hypothesis-driven threat hunting and validate emerging threats and anomalies.
  • Recommend new hunting initiatives based on trends and telemetry gaps identified during investigations.
  • Communicate findings that lead to new detections and improve instrumentation.

Leadership, Mentoring & Team Development

  • Mentor junior analysts on investigation methodologies and documentation practices.
  • Conduct reviews of case handling by Tier 1/2 analysts and offer constructive feedback.
  • Contribute to the development of training materials and knowledge-sharing sessions.
  • Lead internal workshops and technical briefings across SOC teams.

Reporting & Continuous Improvement

  • Produce thorough technical reports, incident summaries, and communications suitable for executive audiences.
  • Identify areas for process enhancements in monitoring, detection logic, and analyst training.

Required Qualifications:

  • 5+ years of experience in SOC operations, detection engineering, threat hunting, or incident response.
  • Proven ability to lead complex investigations and articulate findings to technical and non-technical stakeholders.
  • Hands-on experience with SIEM/EDR/XDR tools, capable of writing and tuning detection rules.
  • Strong knowledge of the incident response lifecycle and evidence-driven analysis.

Preferred Qualifications:

  • Relevant certifications such as GCIH, GCFA, or GCDA.
  • Experience with platforms like Elastic or Splunk.
  • Familiarity with the MITRE ATT&CK framework.
  • Exposure to scripting languages for enhanced automation.

Key Attributes:

  • Curious and detail-oriented with a proactive defense approach.
  • Able to thrive in high-paced and collaborative environments.
  • Strong verbal and written communication skills.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.

This role offers a unique opportunity to engage deeply in proactive threat detection and response while contributing to the maturity and effectiveness of our SOC security posture.

At RSM, we provide a competitive benefits and compensation package that supports a flexible work schedule and helps you balance life's demands. Explore our rewards and incentives.

Skills

Cloud, Cybersecurity, Detection Engineering, EDR, Elastic, Incident Response, MITRE ATT&CK, Machine Learning, Network, Prompt Engineering, SIEM, SOAR, Splunk, XDR
