About the RolePolymarket is looking for a SOC Analyst to join our internal security operations team. You'll be responsible for monitoring, triaging, and responding to security events across our environment - working alongside fellow in-house analysts and coordinating with our contracted 24/7 third-party SOC provider, serving as the escalation point for confirmed or ambiguous threats that require institutional context and hands-on response.
What You'll Do- Monitor SIEM, EDR, NDR, and cloud security tooling for alerts, anomalies, and indicators of compromise; review and triage escalations from the third-party SOC provider
- Conduct proactive threat hunting using intelligence feeds, MITRE ATT&CK TTPs, and hypothesis-driven queries
- Lead containment, eradication, and recovery for confirmed incidents; coordinate with Engineering, Legal, and Leadership on high-severity events
- Respond to on-call pages per the team rotation schedule; write clear incident reports covering timeline, impact, root cause, and corrective actions
- Analyze malware samples, phishing campaigns, network traffic, and endpoint artifacts to determine scope and attacker TTPs
- Identify detection gaps and propose new SIEM rules, correlation logic, and tuning improvements
- Author and maintain SOC runbooks and playbooks used by both in-house and third-party teams; contribute to weekly/monthly reporting on incident trends and third-party SLA adherence
What We're Looking For- 2+ years of hands-on SOC, incident response, or security operations experience
- Proficiency with a SIEM platform (Palo Alto XSIAM preferred)
- Experience with EDR/XDR tooling (CrowdStrike, SentinelOne, or equivalent)
- Demonstrated ability to triage alerts including phishing, malware, lateral movement, and credential-based attacks
- Solid understanding of TCP/IP, DNS, HTTP/S, and common attack patterns
- Ability to read and write basic scripts or queries (Python, Bash, KQL, or SPL) to support analysis
- Availability for rotating shifts and participation in on-call rotation
- (Plus) Experience managing escalations to or from an MSSP or third-party SOC
- (Plus) Certifications such as CompTIA CySA+, GCIA, GCIH, or equivalent
- (Plus) Familiarity with cloud security tooling in AWS, GCP, or Azure
- (Plus) Knowledge of the blockchain, DeFi, or crypto-sector threat landscape
- (Plus) Experience with MITRE ATT&CK-based threat hunting or purple team exercises
Benefits- Competitive salary & equity
- Unlimited PTO
- Full Health, Vision, & Dental coverage
- 401k match
- Hardware setup: new MacBook Pro, big display, & accessories
