We are seeking a highly skilled and experienced Senior SOC Analyst to join our cybersecurity team. This role is critical in leading advanced incident response efforts, managing escalations from cross functional teams and working closely with our MDR partner to ensure rapid detection, containment, and remediation of security threats. The ideal candidate will have deep technical expertise, strong analytical skills, and a proactive mindset toward incident response and continuous improvement.
- A career built on defending digital infrastructure.
- A career focused on proactive threat detection and response.
- A career that protects critical assets and enables secure business operations.
Your Responsibilities on the Team
Incident Response & Threat Management
- Lead investigations of complex, high severity security incidents from detection through containment, remediation, and recovery, coordinating across internal teams and the MDR partner.
- Act as the primary escalation point for Tier 3 alerts and incidents and perform root cause analysis with actionable remediation plans.
- Serve as the primary liaison to the MDR provider: validate and triage MDR alerts, ensure alignment on response protocols and escalation procedures, and provide tuning recommendations to improve detection fidelity.
- Develop and maintain incident response playbooks, runbooks, and workflows.
- Analyze threat actor tactics, techniques, and procedures (TTPs) and translate findings into improved defenses and detection content.
Threat Hunting
- Conduct proactive, hypothesis-driven threat hunts across endpoint, identity, network, and cloud telemetry, leveraging threat intelligence and the MITRE ATT&CK framework to surface threats that evade automated detection.
- Operationalize hunt findings into durable detection logic and response procedures.
Automation & Process Improvement
- Identify recurring, manual, or manual heavy SOC processes and design automation to reduce analyst effort and accelerate response.
- Build, test, and maintain automated playbooks and response workflows in a SOAR platform (e.g., Torq, Microsoft Sentinel Automation Rules and Logic Apps) for enrichment, triage, containment, and case management.
- Develop, tune, and operationalize detection and correlation rules through automated validation and deployment.
- Measure the impact of automation against SOC performance metrics (MTTD, MTTR, alert volume, false-positive rate) and iterate based on results.
- Partner with Detection Engineering and Security Engineering to integrate tooling, close telemetry gaps, and standardize repeatable response.
Security Monitoring & Analysis
- Monitor and analyze logs and alerts across SIEM, EDR, identity, and cloud platforms.
- Correlate data across multiple sources to identify patterns, anomalies, and emerging threats.
- Maintain situational awareness of the external threat landscape and internal security posture.
Mentorship & Reporting
- Mentor Tier 1 and Tier 2 analysts, lead knowledge-sharing, and uplevel team investigative tradecraft and tooling proficiency.
- Document incident timelines, findings, and lessons learned.
- Track, analyze, and drive improvement of core SOC performance metrics (MTTD, MTTR, detection coverage, false-positive rate), and use them to prioritize tuning and automation efforts.
- Generate executive-level and technical reports on SOC performance and incidents, and support compliance and audit efforts through accurate record-keeping and evidence handling.
Requirements
- Minimum 5-7 years of experience in a cybersecurity operations role, with at least 3 years in a Tier 2/Tier 3 SOC or escalation capacity.
- CompTIA Security+ or equivalent.
- Proven experience leading incident response triage, investigation, and remediation, including working directly with MDR partners.
- In-depth knowledge of security tools and technologies, including SIEM/SOAR platforms (e.g., Microsoft Sentinel), endpoint detection and response solutions (e.g., Microsoft Defender XDR, Palo Alto Cortex XDR), and ticketing systems (e.g., ServiceNow).
- Demonstrated ability to author and tune detection content (e.g., KQL in Sentinel/Defender) and operationalize it into production.
- Experience analyzing cloud security telemetry (e.g., Azure/Entra sign-in logs, AWS CloudTrail).
- Hands-on experience building or maintaining automated playbooks and response workflows in a SOAR platform.
- Strong understanding of network security concepts, operating systems, and malware analysis techniques.
- Familiarity with the MITRE ATT&CK framework and threat intelligence platforms.
- Excellent analytical, problem-solving, and communication skills, with the ability to work under pressure and manage multiple priorities.
Preferred
- Certifications such as CISSP, GCIA, GCIH, GCFA, CySA+, eJPT/PJPT, CEH, SC-200.
- Scripting and automation skills (Python, PowerShell) for tooling, enrichment, and analysis.
- Experience supporting an EDR platform migration (e.g., Cortex XDR to Microsoft Defender XDR).
- Experience with or strong interest in AI-assisted triage and agentic SOC tooling to augment analyst workflows.
- Broader cloud security experience across AWS, Azure, and OCI.
- Experience with Microsoft Sentinel, Proofpoint, and Palo Alto Cortex XDR.
Work Environment
- Mandatory 4-days onsite; 1-days remote.
- On-call rotation may be required for critical incident response.
- Collaborative team environment with opportunities for growth and specialization.
This description outlines the basic responsibilities and requirements for the position noted. This is not a comprehensive listing of all job duties of the Associates. Duties, responsibilities and activities may change at any time with or without notice.
Life at Lennar
At Lennar, we are committed to fostering a supportive and enriching environment for our Associates, offering a comprehensive array of benefits designed to enhance their well-being and professional growth. Our Associates have access to robust health insurance plans, including Medical, Dental, and Vision coverage, ensuring their health needs are well taken care of. Our 401(k) Retirement Plan, complete with a $1 for $1 Company Match up to 5%, helps secure their financial future, while Paid Parental Leave and an Associate Assistance Plan provide essential support during life’s critical moments. To further support our Associates, we provide an Education Assistance Program and up to $30,000 in Adoption Assistance, underscoring our commitment to their diverse needs and aspirations. From the moment of hire, they can enjoy up to three weeks of vacation annually, alongside generous Holiday, Sick Leave, and Personal Day policies. Additionally, we offer a New Hire Referral Bonus Program, significant Home Purchase Discounts, and unique opportunities such as the Everyone’s Included Day. At Lennar, we believe in investing in our Associates, empowering them to thrive both personally and professionally. Lennar Associates will have access to these benefits as outlined by Lennar’s policies and applicable plan terms. Visit Lennartotalrewards.com to view our suite of benefits.
Join the fun and follow us on social media to see what’s happening at our company, and don’t forget to connect with us on Lennar: Overview | LinkedIn for the latest job opportunities.
