Security Operations Analyst

Security Operations Analyst

enterprise mssp | ai-augmented soc | detection engineering focus

Location:

Remote Costa Rica or Argentina (u.s. time zone alignment required)

Who we are:

We operate a next-generation, ai-augmented security operations center supporting enterprise clients across multiple industries. This is not a traditional alert-triage soc role.

Our analysts investigate sophisticated threats, engineer high-fidelity detections, leverage ai to accelerate analysis, and continuously improve how security operations are executed across multiple client environments.

If you are looking to simply manage a queue, this is not the role.

If you want ownership over investigation quality, detection precision, and automation impact…keep reading.

What you will own

enterprise-grade investigations

• lead structured investigations across siem, edr, email security, and cloud telemetry
• determine root cause and blast radius — not just close alerts
• correlate telemetry with threat intelligence to assess impact
• deliver clear, executive-ready findings tailored to enterprise stakeholders
• support containment, eradication, and recovery efforts

detection engineering & threat hunting

• develop and tune siem detection rules across multiple environments
• create and refine yara rules for malware detection
• engineer new detection use cases aligned to emerging threats
• conduct hypothesis-driven threat hunts
• reduce false positives through precision tuning
• map detections to mitre attack where appropriate

you will influence detection quality directly, not just consume alerts.

ai-augmented analysis & automation

• leverage ai tooling to accelerate log analysis and enrichment
• validate ai outputs and refine workflows
• identify repetitive investigative tasks suitable for automation
• collaborate on operationalizing ai-assisted playbooks
• increase efficiency without sacrificing analytical rigor

ai is an accelerator, not a substitute for judgement.

continuous improvement

• conduct post-incident detection gap reviews
• translate lessons learned into measurable detection improvements
• contribute to knowledge base and investigation standards
• track and improve operational performance metrics

Required Technical Experience

• hands-on experience with at least one major siem platform (splunk, sentinel, elastic, google secops, qradar, etc.)
• experience with edr/xdr platforms (crowdstrike, sentinelone, defender, etc.)
• detection rule creation or tuning experience
• experience writing or modifying yara rules
• understanding of windows, linux, and cloud telemetry
• threat intelligence and ioc handling experience
• incident response lifecycle familiarity
• scripting capability (python, powershell, or similar)
• strong written english for client-facing reporting

It would be great if you have

• mssp or multi-tenant enterprise experience
• soar exposure
• mitre att&ck mapping experience
• cloud security investigation (aws/azure/gcp)
• experience reducing false positives at scale
• experience using ai tools in investigation workflows
• malware analysis fundamentals

we value

• ownership over outcomes
• analytical discipline
• technical curiosity
• clear business communication
• calm under pressure
• comfort operating across multiple enterprise environments

If you want to grow beyond traditional soc boundaries and help shape modern security operations, we want to meet you.