SOC Analyst II

Job Description

The current information security landscape is technically complex and constantly evolving. As a SOC Analyst II, you will use advanced security expertise to protect applications, systems, and networks by detecting, analyzing, and responding to security threats. You will work closely with infrastructure, cloud, and business teams to strengthen defensive capabilities and continuously improve security operations.

What You'll Do

• Serve as a lead analyst on one or more security efforts such as incident response, digital forensics, penetration testing, automation and integration, PKI infrastructure, or code security
• Provide expertise across multiple information security domains and mentor less experienced analysts as needed
• Monitor, analyze, and respond to security events using SIEM, IDS/IPS, EDR, DLP, endpoint protection, and firewall technologies
• Investigate security incidents including phishing, malware, and anomalous endpoint or network behavior
• Perform incident handling, digital forensics, continuous monitoring, and intrusion detection and prevention
• Collaborate with architects, risk professionals, and other security partners to implement preventive, detective, and corrective controls
• Develop, maintain, and improve security documentation, processes, and operational runbooks

What You'll Bring

• 3+ years of Security Operations Center experience
• Strong knowledge of security frameworks and regulations including NIST, ISO, PCI-DSS, FERPA, GLBA, GDPR, HIPAA, FTC, and privacy laws
• Experience working with AWS core services including networking, storage, database, and identity
• Working knowledge of integrating security controls throughout CI/CD pipelines and cloud environments
• Experience analyzing SIEM, network, system, and IDS alert logs and tuning detection content
• Familiarity with MITRE ATT&CK framework and use case and alert development aligned to it
• Proficiency with scripting and automation using languages such as Python or Bash
• Excellent analytical, problem-solving, and written and verbal communication skills

Bonus Points

• 8 years of Security Operations Center experience
• Advanced experience with penetration testing, threat detection engineering, or digital forensics
• Experience developing security documentation and end-user operating manuals
• Industry-recognized security certifications such as CISSP, GIAC, ISACA, CCSP, CCSK, or AWS security certifications

Experience in Lieu of Education: Equivalent relevant experience performing the essential functions of this role may be considered in place of formal education. Generally, one year of relevant experience may substitute for one year of education at the hiring manager's discretion.

What to Expect

At WGU, our mission drives everything we do, including how we hire. Our interview experience is designed to give qualified candidates the opportunity to show their best work through meaningful conversations and collaboration. We thoughtfully review every application and invite forward the candidates whose experience and potential best align with the role and our mission.

Interview Steps

• Introductory call
• Hiring manager interview
• Technical team interview

Work Location

This is a full-time, in-office position at WGU's office in Salt Lake City, Utah or Raleigh, North Carolina.

Visa Sponsorship

While we welcome applicants from all backgrounds, WGU is not able to provide visa sponsorship for this role.