SOC Analyst

SOC Analyst

Your Future Evolves Here

Evolent Health has a bold mission to change the health of the nation by changing the way health care is delivered. Our pursuit of this mission is the driving force that brings us to work each day. We believe in embracing new ideas, challenging ourselves and failing forward. We respect and celebrate individual talents and team wins. We have fun while working hard and Evolenteers often make a difference working in everything from scrubs to jeans.

Are we growing? Absolutely and Globally. In 2021 we grew our teams by almost 50% and continue to grow even more in 2022. Are we recognized as a company you are supported by for your career and growth, and a great place to work? Definitely. Evolent Health International (Pune, India) has been certified as "Great Places to Work" in 2021. In 2020 and 2021 Evolent in the U.S. was both named Best Company for Women to Advance list by and earned a perfect score on the Human Rights Campaign (HRC) Foundation's Corporate Equality Index (CEI). This index is the nation's foremost benchmarking survey and report measuring corporate policies and practices related to LGBTQ+ workplace equality.

We recognize employees that live our values, give back to our communities each year, and are champions for bringing our whole selves to work each day. If you're looking for a place where your work can be personally and professionally rewarding, don't just join a company with a mission. Join a mission with a company behind it.

What You'll Be Doing:

Job Title: SOC Analyst

Experience: 3–4 years

Role Overview

We are looking for a proactive and skilled SOC Analyst to join our growing Security Operations Center (SOC) team. This role is essential to ensuring 24x7 security monitoring and incident response across our cloud and on-premise environments. The ideal candidate will have 2–3 years of cybersecurity experience, strong analytical skills, and a solid understanding of security tooling such as Zscaler, Microsoft Defender, CrowdStrike, and Elastic (SIEM/ELK).

You'll play a key role in detecting, analyzing, and responding to security incidents, as well as enhancing the overall security posture of Evolent Health's infrastructure.

Key Responsibilities

• Monitor and triage alerts from SIEM platforms including Elastic Stack, correlating data from Zscaler, Defender for Endpoint, CrowdStrike Falcon, and other security tools.
• Investigate suspicious activity and escalate confirmed incidents with detailed impact assessments.
• Support incident response lifecycle—including containment, eradication, and recovery—according to defined playbooks.
• Collaborate with senior analysts and threat intelligence teams to conduct in-depth investigations and recommend mitigations.
• Perform log analysis, packet capture review, and behavioral analytics to uncover advanced threats.
• Conduct proactive threat hunting using data across various telemetry sources (e.g., endpoint, network, cloud).
• Document investigation steps, findings, and resolution actions for audit and knowledge base purposes.
• Continuously tune SIEM rules, detection logic, and alert thresholds to reduce false positives and increase fidelity.
• Provide audit and compliance support during security assessments and regulatory evaluations.
• Participate in weekly SOC reviews and post-incident reviews to improve detection and response capabilities.
• Stay updated with the latest threat intel, CVEs, TTPs (MITRE ATT&CK), and industry best practices.

Qualifications & Skills

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or related field.
• 2–3 years of hands-on experience in a SOC or cybersecurity role, ideally in a 24x7 monitoring environment.
• Solid knowledge of:
  • Endpoint detection tools (CrowdStrike Falcon, Defender for Endpoint)
  • Network and cloud security solutions (Zscaler Internet Access/ZPA)
  • Open-source and commercial SIEM tools (preferably Elastic/ELK).
• Understanding of network protocols, log formats, and Windows/Linux/macOS security.
• Familiarity with MITRE ATT&CK, CVE/CVSS scoring, and vulnerability management principles.
• Strong communication and incident documentation skills.
• Willingness to work in rotational shifts for continuous 24x7 SOC coverage.
• Preferred certifications: CompTIA Security+, Microsoft SC-200, Elastic Certified Analyst, CrowdStrike Certified Falcon Responder, or similar.

#Li-remote

Mandatory Requirements:

Employees must have a high-speed broadband internet connection with a minimum speed of 50 Mbps and the ability to set up a wired connection to their home network to ensure effective remote work. These requirements may be updated as needed by the business.

​

Evolent Health is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status.