Senior SOC Analyst (L3)

Role: Senior SOC Analyst (L3)

Location: Denver, CO (Hybrid)

Contract - 12 Months

Must need 3-4 years of domain experience in recent.

Project-Specific Prerequisite Skills:

• Rapid7 InsightIDR (XDR+SIEM)

• Rapid7 InsightConnect (SOAR)

Key Responsibilities:

• Incident Detection & Response: Lead incident response activities, ensuring quick detection, analysis, and resolution of security incidents. Provide hands-on support to the SOC team during high-priority events.

• SIEM & SOAR Management: Manage and configure Rapid7 InsightIDR and InsightConnect, including log source integration, custom parser development, and optimization of correlation rules and use cases.

• Threat Analysis: Conduct in-depth analysis of security events to identify successful intrusions and compromises. Differentiate false positives from genuine threats to minimize incident noise.

• Automation & Orchestration: Leverage Ansible, Puppet, Python, and PowerShell to automate repetitive SOC tasks, enhance incident response processes, and improve efficiency.

• Configuration Management: Use Ansible and Puppet to standardize and manage SOC system configurations across multiple environments.

• Investigation Management: Lead investigations of incidents escalated by Level 1 analysts and ensure thorough documentation and resolution.

• Quick Mitigation Techniques: Implement interim defensive measures until permanent solutions can be deployed.

• Security Enhancements: Develop and maintain playbooks in Rapid7 InsightConnect to orchestrate and streamline SOC operations.

• Gap Analysis & Recommendations: Identify gaps in the security environment and recommend appropriate measures for risk mitigation.

• Vulnerability Awareness: Stay up to date with the latest vulnerabilities, threat advisories, and penetration techniques to proactively defend against emerging risks.

Desired Skills:

• 15+ years of relevant experience

• Strong experience with Rapid7 InsightIDR and InsightConnect, including advanced configuration, rule development, and integration.

• Proficiency in automation and scripting tools, including Python, PowerShell, and Bash, to streamline security operations.

• Hands-on expertise with Ansible and Puppet for configuration management, automation, and environment standardization.

• Advanced knowledge of SIEM and SOAR tools, with proven experience optimizing detection and response workflows.

• Familiarity with incident response frameworks such as NIST, MITRE ATT&CK, and SANS.

• Strong understanding of firewalls, IDS/IPS, antivirus, EDR, and behavioral analytics tools.

• Experience with API integrations for security toolsets and custom reporting solutions.

• Knowledge of log analysis tools, threat intelligence platforms, and vulnerability scanners.

• Relevant certifications such as GCIH, CEH, CISSP, or certifications related to Rapid7 InsightIDR (must have), Ansible, or Puppet are highly desirable.

Educational & Professional Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent professional experience.