Security Operations Center Analyst

Our client, a global leader in the Sports and Entertainment space, has an immediate long-term (open-ended with the possibility of conversion at some point) contract position for a SOC (Security Operations Center) Analyst. They're getting ready to implement Splunk and Cisco XDR, so this is a wonderful time to join the premier employer brand in Dallas!

We are seeking a skilled SOC Analyst to join our cybersecurity team. The ideal candidate will have strong experience with Microsoft Security technologies, advanced KQL proficiency, hands-on threat hunting, familiarity with Splunk, and (ideally) operational experience with Cisco XDR (or Microsoft Defender XDR at a minimum). This role focuses on proactive threat detection, investigation, and incident response across enterprise environments.

This role will be hybrid in nature (more onsite initially during training) and then transition to primarily remote (unless you want to go into an office; they are glad to accommodate that).


Key Responsibilities

Security Monitoring & Analysis

  • Remotely monitor, triage, and investigate alerts across Microsoft Defender, Splunk, and Cisco XDR.
  • Build and optimize KQL queries and Splunk searches for threat detection and response.
  • Analyze endpoint, identity, cloud, and network telemetry to identify suspicious activity.

Threat Hunting

  • Conduct proactive threat hunting across Microsoft Defender and Splunk datasets.
  • Develop and maintain hunting queries and behavioral detections using KQL, Splunk SPL, and Cisco XDR telemetry.
  • Identify new threat techniques and recommend enhancements to detection logic.

Incident Response

  • Coordinate or lead incident response activities, including containment, remediation, and recovery.
  • Document incidents, create timelines, and recommend corrective actions.
  • Participate in post-incident reviews and continuous improvement.

Tooling & Technology Management

  • Manage and optimize Microsoft Security solutions: Defender for Endpoint, O365, Identity, Cloud Apps, and Entra ID Protection.
  • Utilize Cisco XDR to enrich investigations, correlate alerts, and support remediation.
  • Support automated workflows and SOAR-based playbooks.

Collaboration & Reporting

  • Work with IT teams to investigate and resolve threats.
  • Provide documentation, analysis, and remediation recommendations.
  • Assist with compliance reporting and audit preparation.


Required Skills & Qualifications

Technical Expertise

  • Experience with Microsoft Defender XDR technologies
  • Strong KQL query-writing skills for detection, hunting, and investigation
  • Experience using Splunk for searching, alerting, and log analysis
  • Familiarity with Cisco XDR for detection and response
  • Understanding of cybersecurity frameworks (MITRE ATT&CK and NIST)

Experience

  • 2–3 years in SOC operations, cybersecurity analysis, threat detection, or incident response

Soft Skills

  • Strong analytical and problem-solving skills
  • Excellent written and verbal communication
  • Collaborative, proactive, and continuous improvement mindset
