This position works in our Technology team and serves as a Tier 1 security operations analyst, monitoring and triaging security alerts across ARI's enterprise IT and OT environments. The role executes documented playbooks, escalates higher-severity incidents to senior security staff, and contributes to the maturation of ARI's detection and response capability. The SOC Analyst I is the first line of detection and response for ARI's IT estate and works in coordination with the OT Security Engineer, who owns the OT side, and with ARI's external MSSP. This position will report to the Head of Remote Workforce Strategy and the Director of Technology. This is a hybrid position, with most of the time spent working from home and occasional office attendance as needed.
Responsibilities
- Monitor security alerts and telemetry from Microsoft Sentinel, Defender XDR, Entra ID, and adjacent enterprise security tooling during U.S. business hours.
- Triage alerts using documented playbooks: validate, classify, gather context, and either resolve, suppress with rationale, or escalate.
- Open, maintain, and close incident tickets in ARI's ITSM system (Jira Service Management) with audit-quality documentation.
- Triage phishing reports, including end-user reports to the abuse mailbox and automated phish detections.
- Contribute to detection tuning by flagging false-positive patterns and recommending refinements.
- Maintain SOC runbooks and playbook documentation; recommend updates based on observed alert patterns.
- Support routine security operations tasks: account access reviews, certificate expiry tracking, vulnerability report triage.
- Participate in tabletop exercises and post-incident reviews; capture lessons learned.
- Escalate to the OT Security Engineer on any indication of OT- or SCADA-related security events.
- Coordinate with ARI's MSSP for incidents requiring deeper investigation or after-hours coverage.
Qualifications
- 1–3 years in a SOC, IT security operations, or IT support role with security responsibilities; strong entry-level candidates with demonstrated learning velocity will also be considered.
- Familiarity with the Microsoft 365 security stack: Sentinel, Defender XDR, Entra ID, Purview.
- Foundational knowledge of common attack patterns: phishing, credential theft, MFA fatigue, business email compromise, ransomware delivery.
- Working knowledge of networking fundamentals: TCP/IP, DNS, HTTP/S, VPN, basic packet flow.
- Foundational knowledge of operating system concepts on Windows and macOS endpoints.
- Strong documentation discipline; ability to write clear incident notes that survive audit review.
- Clear written and verbal communication, including the ability to escalate concisely under time pressure.
- Bachelor's degree in Cybersecurity, Information Technology, or related discipline — or equivalent demonstrated experience.
- Preferred certifications: CompTIA Security+, Microsoft SC-200, or equivalent.
- Comfortable working in a remote-first environment with clear handoffs to senior staff and an external MSSP.