Lead Information Security Analyst (Individual Contributor)

Role Summary 

The Lead Information Security Analyst is a senior, hands-on security operations professional who directs the day-to-day work of threat detection, alert triage, and incident response within the Security Operations Center (SOC). The role combines deep technical expertise with technical and shift leadership to ensure consistent analyst performance, high-quality investigations, and reliable operational outcomes. 

Operating with significant autonomy within broad guidelines, the role configures and operates multiple security technologies, correlates and analyzes event data to identify threats, and leads investigations into complex and high-severity incidents. It also acts as a resource and mentor for less-experienced analysts and may lead small projects with manageable risk. 

Core Responsibilities 

Lead alert triage and event analysis across SIEM, EDR/XDR, cloud, and identity telemetry; manage alert queues, escalations, and SLAs. 

Investigate and contain complex, high-severity incidents (Tier 2/3) as technical lead or incident commander, maintaining high-quality case management and stakeholder communication. 

Develop and tune detection content, produce IOCs/IOAs, and support threat hunting mapped to MITRE ATT&CK to improve coverage and reduce false positives. 

Operate and improve SOC tooling and automation (SIEM/SOAR), maintain metrics and dashboards, and support vulnerability remediation and cloud/on-prem reviews. 

Uphold security standards, compliance, and audit requirements, and mentor analysts while driving awareness, training, and post-incident improvements. 

Key Requirements 

Strong, hands-on expertise in SOC operations, SIEM/SOAR, EDR/XDR, and the incident response lifecycle (NIST SP 800-61). 

Proficiency in event/log correlation, detection development and tuning, and threat hunting using MITRE ATT&CK, IOCs, and TTPs. 

Working knowledge of cloud security (Azure/AWS/GCP), identity security (Entra ID/Okta/AD), and scripting/automation (Python, PowerShell, KQL/SPL). 

Understanding of security frameworks, vulnerability management, and governance/compliance, plus strong communication and problem-solving skills. 

Education 

Bachelor’s or Master’s in Cybersecurity, Computer Science, or related field (or equivalent practical experience). 

Experience 

6–9 years of experience in cybersecurity, including hands-on SOC operations, security monitoring, incident response, and event analysis. 

Tier 2 / Tier 3 (senior analyst) experience leading complex, high-severity investigations. 

Exposure to a global, 24x7 SOC environment. 

Certifications (Preferred) 

CompTIA CySA+ / SecurityX, or equivalent. 

GIAC (GCIA, GCIH, GCFA, GCED) or SANS GSOC (SEC450). 

Microsoft SC-200 / AZ-500 or equivalent; CISSP or CISM a plus.