Cybersecurity SOC Analyst II

Role Overview:

We are seeking a SOC Analyst II to join our growing Security Operations team and help defend the organization against evolving cyber threats. This role will support day-to-day monitoring, triage, investigation, and response activities across enterprise systems, endpoints, cloud infrastructure, and collaboration environments. 

The ideal candidate is a mid-career cybersecurity professional with a strong technical foundation, curiosity for threat analysis, and a desire to grow within a mission-focused defense technology environment. This individual will work closely with senior security engineers, IT, and infrastructure teams to identify suspicious activity, investigate alerts, and support the protection of sensitive company and government-related data. 

This position is ideal for someone who thrives in a fast-paced startup environment and is passionate about operational cybersecurity. 

Responsibilities:  

• Security Monitoring & Incident Response
  • Monitor and triage security alerts and events across enterprise systems, endpoints, cloud platforms, and networks  
  • Investigate suspicious activity, indicators of compromise, phishing attempts, malware detections, and unauthorized access attempts  
  • Escalate validated security incidents to senior analysts or engineering teams as appropriate  
  • Support containment, remediation, and recovery activities during cybersecurity incidents  
  • Assist with root cause analysis and incident documentation  
• Security Operations & Tool Administration
  • Support administration and monitoring of cybersecurity platforms including:  
  • Microsoft GCC High  
  • Crowdstrike and other EDR/XDRs 
  • PIM/PAM Tools 
  • Various SIEMs 
  • Azure Sentinel 
  • Monitor endpoint detection and response (EDR/XDR) alerts and telemetry  
  • Assist with tuning alerting rules and reducing false positives  
  • Support vulnerability management and remediation tracking activities  
  • Help maintain endpoint, identity, and cloud security configurations  
• Threat Detection & Analysis
  • Review logs and security telemetry from SIEM, endpoint, network, and cloud security platforms  
  • Identify anomalous or malicious behavior patterns  
  • Assist with development and improvement of detection rules, playbooks, and response procedures  
  • Participate in threat hunting and proactive security monitoring initiatives  
• Compliance & Documentation
  • Support cybersecurity compliance initiatives including CMMC, NIST 800-171, and DFARS requirements  
  • Maintain accurate incident records, investigation notes, and operational documentation  
  • Assist with audit preparation, evidence collection, and remediation tracking  
  • Follow established security procedures and escalation processes  
• Security Awareness & Collaboration
  • Collaborate with IT, Engineering, and business teams to improve organizational security posture  
  • Assist with phishing response and user security awareness efforts  
  • Contribute to continuous improvement of SOC processes and operational maturity  

 Minimum Requirements: 

• 3–5+ years of experience in cybersecurity, IT support, systems administration, or SOC operations  
• Foundational understanding of cybersecurity concepts including networking, endpoint security, identity management, and incident response  
• Familiarity with security monitoring and alert triage processes  
• Experience working with Managed Security Service Providers (MSSPs) 
• Experience or exposure to enterprise security platforms such as:  
• Microsoft GCC High  
• Crowdstrike and other EDR/XDRs 
• App Allow/Block-listing tools 
• PIM/PAM Tools 
• Various SIEMs 
• Azure Sentinel 
• Strong understanding of Windows, Linux, macOS, and cloud-based environments  
• Basic understanding of SIEM, EDR/XDR, phishing analysis, and log analysis  
• Strong analytical, troubleshooting, and problem-solving skills  
• Excellent written and verbal communication skills  
• Ability to prioritize and manage multiple tasks in a fast-paced environment  
• Must be a U.S. Citizen eligible for government facilities and sensitive information
• Ability to obtain additional security clearances as required by contract

Preferred Requirements: 

• Active Security Clearance
• Experience supporting defense, aerospace, government contracting, or regulated technology environments  
• Familiarity with Microsoft GCC High environments  
• Familiarity with using AI and LLM tools within the SOC 
• Familiarity with monitoring AI and LLM tools 
• Exposure to compliance frameworks such as NIST 800-171, CMMC, CIS Controls, or ISO 27001  
• Experience with scripting or automation using PowerShell, Python, or Bash  
• Familiarity with digital forensic process and chain of custody 
• Knowledge of MITRE ATT&CK framework and common threat actor techniques  
• Security certifications such as Security+, CySA+, SC-900, Network+, or equivalent  
• Experience working in a 24/7 or operational security environment preferred  

Why CHAOS?

• Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
• Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
• Our Perks: Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code
• Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
• Team Growth: 250 employees and counting across 5 global offices

The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. 

Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.

#LI-onsite