Security Operations Center Analyst

About US

At ServCrust, we're transforming the way stone aggregates are sourced and delivered for construction

projects. Our digital platform simplifies procurement, improves efficiency, and ensures consistent quality

— helping construction companies, contractors, and developers access the materials they need quickly

and reliably. We blend innovation and technology to bring transparency and ease to the construction

supply chain.

Role Overview

We are seeking a skilled and proactive SOC Analyst / Threat Hunter (L2) to join our Security Operations

Center. This role is responsible for conducting in-depth investigations of security events, engaging in

proactive threat hunting,and contributing to incident response activities. The analyst will also support the

tuning of detection logic, monitoring tool health, and security operations across both on-premises and

AWS cloud environments. The role sits at the core of our operational defense capability.

Key Responsibilities

1. Security Operations, Incident Response & Cloud Security

• Triage and investigate alerts from SIEM, EDR, NDR, and CSPM platforms.

• Correlate logs from endpoints, network, and cloud-native services.

• Investigate escalated alerts related to IAM misuse, anomalous API calls, privilege

escalations, exposed storage (e.g., S3 buckets), and suspicious cloud workloads.

• Assist in containment and response of cloud-based incidents: isolate workloads, revoke

keys, suspend IAM users, apply NSG/security group modifications.

• Perform root cause analysis and support recovery actions for both cloud and on-prem

threats.

• Validate security tool status across environments, including CSPM/CIEM tools and ensure

coverage across cloud workloads.

• Participate in post-incident reviews, update cloud-specific playbooks and ensure IR

readiness across hybrid environments.

2. Threat Hunting, Detection Engineering & Continuous Improvement

• Conduct proactive threat hunts across cloud and on-prem logs to uncover hidden threats.

• Use cloud telemetry to detect behavioral anomalies or policy violations.

• Leverage threat intel and TTPs to hunt for signs of known actor techniques across the

environment (MITRE ATT&CK for Cloud).

• Work with engineering teams to fine-tune and improve cloud-specific detections (e.g.,

alerting on disabled logging, overly permissive IAM, use of stolen API keys).

• Develop or update detection rules and recommend automation playbooks for cloud

incident response.

• Share hunting findings and detection improvements in weekly SOC knowledge sessions.

• Document use cases, lessons learned, and detection enhancements for broader SOC

adoption.

Weekly / Monthly Contributions

• Participate in IR reviews and quality assurance across hybrid threats.

• Review cloud account posture using CSPM tools and flag unresolved misconfigurations.

• Analyze cloud activity trends and deliver reporting on identity risks, misconfigurations, and

emerging attack patterns.

• Contribute to red team debriefs and cloud simulation test cases, update and maintain

playbooks.

• Support cross-training within SOC for improved cloud security operations maturity.

Required Qualifications

• 2–4 years in a SOC, IR, or security monitoring role.

• Hands-on experience with log analysis and investigation in cloud platforms: AWS

(CloudWatch, CloudTrail, GuardDuty).

• Solid grasp of attacker TTPs in cloud environments: exposed credentials, over-permissioned

roles, container abuse, cloud lateral movement.

• Proficiency with SIEM/EDR platforms and investigation workflows.

• Basic scripting or automation knowledge (Python, PowerShell, Boto3, etc.).

• Familiarity with cloud-native security tools (AWS Config).

• Certifications like CySA+, AWS Security Specialty are desirable.

Soft Skills & Traits

• Investigative mindset with high attention to detail.

• Collaborative team player with strong communication skills.

• Ability to work under pressure in live incidents or fast-paced SOC environments.

• Curiosity-driven attitude toward evolving threats and cloud services.