Responsibilities
- Monitor and triage security alerts and events across enterprise systems, endpoints, cloud platforms, and networks
- Investigate suspicious activity, indicators of compromise, phishing attempts, malware detections, and unauthorized access attempts
- Escalate validated security incidents to senior analysts or engineering teams as appropriate
- Support containment, remediation, and recovery activities during cybersecurity incidents
- Assist with root cause analysis and incident documentation
- Support administration and monitoring of cybersecurity platforms including: Microsoft GCC High, CrowdStrike and other EDR/XDR platforms, PIM/PAM tools, various SIEMs, Azure Sentinel
- Monitor endpoint detection and response (EDR/XDR) alerts and telemetry
- Assist with tuning alerting rules and reducing false positives
- Support vulnerability management and remediation tracking activities
- Help maintain endpoint, identity, and cloud security configurations
- Review logs and security telemetry from SIEM, endpoint, network, and cloud security platforms
- Identify anomalous or malicious behavior patterns
- Assist with development and improvement of detection rules, playbooks, and response procedures
- Participate in threat hunting and proactive security monitoring initiatives
- Support cybersecurity compliance initiatives including CMMC, NIST 800-171, and DFARS requirements
- Maintain accurate incident records, investigation notes, and operational documentation
- Assist with audit preparation, evidence collection, and remediation tracking
- Follow established security procedures and escalation processes
- Collaborate with IT, Engineering, and business teams to improve organizational security posture
- Assist with phishing response and user security awareness efforts
- Contribute to continuous improvement of SOC processes and operational maturity
Requirements
- 3–5+ years of experience in cybersecurity, IT support, systems administration, or SOC operations
- Foundational understanding of cybersecurity concepts including networking, endpoint security, identity management, and incident response
- Familiarity with security monitoring and alert triage processes
- Experience working with Managed Security Service Providers (MSSPs)
- Experience with or exposure to enterprise security platforms such as: Microsoft GCC High, CrowdStrike and other EDR/XDR platforms, application allow/block-listing tools, PIM/PAM tools, various SIEMs, Azure Sentinel
- Strong understanding of Windows, Linux, macOS, and cloud-based environments
- Basic understanding of SIEM, EDR/XDR, phishing analysis, and log analysis
- Strong analytical, troubleshooting, and problem-solving skills
- Excellent written and verbal communication skills
- Ability to prioritize and manage multiple tasks in a fast-paced environment
- Must be a U.S. Citizen eligible for government facilities and sensitive information
- Ability to obtain additional security clearances as required by contract
Nice to Have
- Active Security Clearance
- Experience supporting defense, aerospace, government contracting, or regulated technology environments
- Familiarity with Microsoft GCC High environments
- Familiarity with using AI and LLM tools within the SOC
- Familiarity with monitoring AI and LLM tools
- Exposure to compliance frameworks such as NIST 800-171, CMMC, CIS Controls, or ISO 27001
- Experience with scripting or automation using PowerShell, Python, or Bash
- Familiarity with digital forensics processes and chain of custody
- Knowledge of MITRE ATT&CK framework and common threat actor techniques
- Security certifications such as Security+, CySA+, SC-900, Network+, or equivalent
- Experience working in a 24/7 or operational security environment preferred
Benefits
- Medical, dental, and vision benefits 100% paid for by the company
- 401k (+ 50% company match up to 6% of pay)
- FSA
- HSA
- Life insurance
- Free daily lunch
- No meeting Fridays
- Unlimited PTO
- Casual dress code
- Relocation assistance
- Generous pre-IPO stock option grants
- Annual bonuses (coming soon)
Work Arrangement
On-site — Los Angeles, Washington, D.C., San Francisco, San Diego, Seattle, London
Team
Team size: growing Security Operations team. Structure: works closely with senior security engineers, IT, and infrastructure teams.
Additional Information
- Must be a U.S. Citizen eligible for government facilities and sensitive information
- Ability to obtain additional security clearances as required by contract
- Position is ideal for someone who thrives in a fast-paced startup environment
- Role is onsite
- Recruiting agencies: CHAOS Industries does not accept unsolicited resumes or outreach