Position Summary
The Senior Security Operations Center (SOC) Analyst at Copperleaf plays a critical role in protecting our global SaaS platform, internal systems, and customer environments. This role requires deep technical expertise in cloud-centric security operations, advanced detection and response, and strong familiarity with enterprise technologies that support Copperleaf's product ecosystem and operational security.
Senior Analysts lead complex investigations, support continuous operational improvement, and strengthen our ability to rapidly detect and respond to threats targeting cloud workloads (Azure), identity systems (Azure AD/Entra ID), clusters, endpoint platforms, and customer-integrated data pipelines. This role also mentors junior analysts and collaborates closely with Security Engineering, CloudOps, IT, and Incident Response to improve detection logic, logging visibility, automation, and resiliency across Copperleaf's environment.
Key Responsibilities
Leadership & Team Support
Act as a senior escalation point for SOC investigations, providing guidance aligned to Copperleaf's security architecture and operational practices.
Mentor junior analysts and help drive team maturity in cloud security, detection engineering, and SaaS-specific monitoring.
Recommend training and process enhancements to support ongoing professional development.
Participate in tabletop exercises tailored to Copperleaf's product, cloud, and operational risk scenarios.
Security Monitoring & Incident Response
Lead investigations into security alerts across Copperleaf's Azure-hosted environments, identity systems, corporate endpoints, and product infrastructure.
Support incident response activities, including containment, remediation, documentation, and lessons learned.
Analyze logs from Azure Monitor, Entra ID, Kubernetes clusters, application services, and customer-facing integrations.
Create detections mapped to MITRE ATT&CK for cloud and SaaS environments.
Maintain and improve SOC playbooks and SOPs specific to Copperleaf's operational, compliance, and customer commitments.
Recommend tuning of cloud-native and third-party detection tools to reduce false positives.
Threat Intelligence, Detection Engineering & Automation
Track emerging threats relevant to SaaS providers, cloud platforms, Kubernetes, identity infrastructure, and AI-driven attack techniques.
Conduct proactive threat hunting across cloud workloads, identity logs, endpoints, and product telemetry.
Develop and refine KQL queries, automation workflows, and SOAR playbooks.
Evaluate logging coverage across Azure, product services, and corporate systems, ensuring alignment to Copperleaf's observability standards.
Cross-Functional Collaboration
Collaborate with Security Engineering, CloudOps, IT, and Platform teams to enhance detection capabilities and ensure appropriate telemetry.
Contribute to operational KPIs, metrics, and reporting used for Copperleaf leadership updates.
Share insights, documentation, and best practices to support overall team improvement.
Partner with CloudOps and Engineering on secure configuration, operational visibility, and incident readiness.
Qualifications:
Skills & Experience Requirements
5 years of SOC monitoring, cloud-focused incident response, or cybersecurity experience.
Strong understanding of threats targeting SaaS platforms, Azure cloud environments, Kubernetes, and enterprise identity systems.
Proficiency in scripting languages (Python, Bash, PowerShell, JavaScript) and KQL for advanced log analysis.
Hands-on experience with SIEM, SOAR, EDR/XDR, threat intel platforms, cloud security tooling, and identity security controls.
Familiarity with frameworks and regulations relevant to Copperleaf (ISO 27001, SOC 2, NIST CSF, CIS Controls, GDPR).
Expertise with Windows, macOS, and Linux systems.
Education Requirements
Bachelor's degree preferred in cybersecurity, computer science, engineering, or related fields.
Certification Requirements
Preferred certifications include:
GIAC Certified Incident Handler (GCIH)
GIAC Defending Advanced Threats (GDAT)
GIAC Certified Enterprise Defender (GCED)
Microsoft Certified SOC Analyst
CISSP
Azure Security Engineer (AZ-500), strongly preferred for cloud-focused operations
Additional Information:
We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best while also engaging with colleagues to share ideas and build meaningful relationships.
Remote Work: No
Employment Type: Full-time
We are growing! At IFS we are constantly growing to deliver award-winning solutions to hundreds of partners and thousands of customers worldwide! We help companies who want to be their best when it matters most at their #momentofservice. Visit https://ifs.link/IzM0px to find out mo ...