Keeper Security, Inc. is looking for a SOC Analyst - Tier 2 to serve as the escalation point for security alerts and lead tactical incident response. This role requires deep technical knowledge, investigative instinct, and the ability to make real-time decisions under pressure to protect our environment.
What You'll Do
- Lead end-to-end execution of complex DevOps and infrastructure programs.
- Perform in-depth triage and analysis of escalated alerts to determine scope, impact, and root cause.
- Lead response actions such as isolating hosts, revoking credentials, or blocking network indicators.
- Examine endpoint, network, and cloud logs to reconstruct attack timelines and adversary behaviors.
- Execute and enhance incident response playbooks, detection rules, and escalation criteria.
- Maintain operational command during assigned shifts, ensuring situational awareness, incident logging, and proper shift handovers.
- Conduct proactive threat hunting for suspicious activity and emerging indicators of compromise.
- Validate data integrity from security tools and assist with tuning or integrations.
- Partner with IT, DevSecOps, and compliance teams to mitigate vulnerabilities and improve defenses.
- Produce high-quality incident reports, lessons learned, and recommendations for leadership.
What We're Looking For
- Bachelor’s degree in Cybersecurity, Computer Science or related field, or equivalent practical experience.
- 2–4 years in a SOC, incident response, or cyber defense role.
- Experience with SIEM platforms and EDR technologies.
- Strong understanding of MITRE ATT&CK, threat actor TTPs, and multi-source log correlation.
- Hands-on experience analyzing network traffic, endpoint behavior, and cloud telemetry.
- Familiarity with scripting for automation and analysis (Python, PowerShell, or Bash).
- Strong written and verbal communication skills for incident reporting and coordination.
Nice to Have
- Certifications such as GCIA, GCIH, CySA+, CEH, or equivalent.
- Experience with SOAR platforms, automation pipelines, and threat intelligence enrichment.
- Familiarity with AWS Security Hub, GuardDuty, or other cloud-native security services.
- Background in root cause analysis, purple-team exercises, or tabletop simulations.
- Experience supporting regulated environments (SOC 2, FedRAMP, ISO 27001, etc.).
Technical Stack
- SIEM platforms (e.g., Splunk, Sumo Logic, Sentinel)
- EDR technologies
- AWS Security Hub, GuardDuty
- Python, PowerShell, Bash
Team & Environment
You will work closely with engineering, DevOps, and incident response teams.
Benefits & Compensation
- Medical, Dental & Vision (inclusive of domestic partnerships).
- Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life.
- Voluntary Short/Long Term Disability Insurance.
- 401K (Roth/Traditional).
- A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc.).
- Above market annual bonuses.
Work Mode
This is a hybrid position based in the El Dorado Hills, CA area.
Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program.