SOC (security operation center) Analyst - HYBRID - NJ - to $110,000

About the position Our client is seeking a SOC Analyst to strengthen our enterprise security posture through effective alert investigation, communication, and vulnerability management. This role combines day-to-day security operations monitoring with hands-on vulnerability lifecycle management, ensuring that findings across our security monitoring, detection, and assessment platforms are understood, prioritized, and remediated in close partnership with our IT infrastructure team. The ideal candidate is analytical, detail-oriented, and an excellent communicator, someone who keeps teammates informed, proactively shares updates, and collaborates naturally in a highly communicative IT organization built on shared accountability. You’ll have the opportunity to work with modern enterprise security technologies, learn their full capabilities, and contribute ideas for continuous improvement.

Responsibilities

• Monitor, triage, and analyze alerts from enterprise detection, monitoring, and security platforms.
• Perform analytical investigation of alerts to determine legitimacy, root cause, and business relevance, distinguishing genuine threats from false positives.
• Document investigation findings and communicate results clearly through established collaboration and reporting channels.
• Support configuration tuning and ongoing optimization of alerting systems under direction, improving signal quality and reducing noise.
• Participate in the configuration, execution, and review of enterprise vulnerability scanning and assessment activities in collaboration with cross-functional IT teams.
• Analyze vulnerability data from multiple sources, including endpoint protection and scanning platforms, to understand exposure, severity, and environmental relevance.
• Export, normalize, and curate vulnerability data into clear, well-organized lists to support prioritization and remediation planning.
• Research vulnerabilities to provide additional context on exploitability, impact, and remediation options.
• Interface directly with infrastructure leadership, engineers, and other IT staff to help explain findings, answer questions, and clarify remediation guidance.
• Support remediation efforts by tracking progress, validating updates, and maintaining visibility into vulnerability status for reporting and follow-up.
• Work closely with cybersecurity, infrastructure, and IT leadership to ensure consistent awareness and no surprises.
• Proactively share observations, emerging risks, and opportunities for improvement.
• Communicate effectively with colleagues at all levels, both verbally and in writing - comfortable reaching out, following up, and keeping others informed.
• Explore new or enhanced features in existing security tools and raise recommendations when they could benefit the firm’s environment.
• Support the administration and maintenance of data loss prevention (DLP) and information protection controls designed to safeguard company data.
• Participate in ongoing system hardening efforts, baseline reviews, and process improvements.
• Contribute to the development and refinement of internal documentation, runbooks, and playbooks to support consistent operations.

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related discipline, or equivalent practical experience.
• 3-5 years of experience in security operations, vulnerability management, or endpoint protection analysis.
• Exceptional communication and follow-through - keeps others informed and initiates discussion when needed.
• Familiarity with enterprise-class detection, endpoint protection, and vulnerability assessment technologies.
• Understanding of CVE analysis, remediation coordination, and risk-based prioritization.
• Proactive mindset - eager to learn evolving toolsets and contribute ideas for improvement.

Nice-to-haves

• Exposure to SIEM platforms and log-based investigation in an enterprise environment.
• Familiarity with Active Directory, group policies, or enterprise configuration baselines.
• Experience with scripting, automation, or reporting (PowerShell, Python, Power BI, etc.).
• Cybersecurity or cloud security certifications are welcome but not required - real-world experience and curiosity matter most.

Benefits

• 40 additional remote work days per year