Sr. Analyst, CSOC jobs in United States

Saks Global · 4 hours ago

Sr. Analyst, CSOC

Saks Global is the largest multi-brand luxury retailer in the world, and they are seeking a Sr. Analyst for their Cyber Security Operations Center (CSOC). This role focuses on designing and improving security detections across cloud and enterprise environments, partnering with various teams to translate attacker behaviors into scalable detections.

Property Management, Real Estate, Real Estate Investment

Responsibilities

Design, develop, and maintain high-quality detections aligned to real-world adversary behaviours and MITRE ATT&CK techniques
Engineer detections across SIEM, EDR, cloud-native security tools, and log pipelines
Reduce false positives through tuning, enrichment, and behavioural correlation
Support incident response by improving alert fidelity and investigative context
Work with cloud-native logs (CloudTrail, Azure Activity Logs, etc.)
Build and manage detections using Detection-as-Code principles (version control, CI/CD, testing, peer review)
Develop detections in formats such as YAML, Sigma, KQL, SPL, JSON, or custom rule frameworks
Implement automated testing and validation of detections using replayed attack data and simulations
Maintain detection repositories with clear documentation, ownership, and lifecycle management
Translate threat intelligence, IOCs, TTPs, and attack reports into actionable detections
Develop behaviour-based detections for advanced threat actors, not just indicator-based alerts
Partner with Red Team / Purple Team to validate detections against real attack paths
Continuously improve coverage in response to emerging threats and incident learnings
Write production-quality code to automate detection deployment, enrichment, and response
Build tooling for detection testing, telemetry validation, and metrics
Integrate detections with automation and response workflows
Experience or a deep understanding of building and integrating AI workflows

Qualification

Detection Engineering, Cloud Security, Detection-as-Code, SIEM Management, Python, Threat Intelligence, Incident Response, Analytical Skills, Team Collaboration, Problem Solving

Required

Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field
Demonstrated experience in designing and implementing security detections
Minimum 5 years of experience in Security Operations (SOC) roles
Deep understanding and hands-on experience with major cloud platforms (AWS, Azure), specifically focusing on Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) security controls, APIs, and logging/querying (e.g., CloudWatch Logs/Metrics, Azure Monitor, Azure Activity Log, Splunk, Sigma for Azure/AWS)
Strong proficiency in at least one scripting/programming language (Python highly preferred). Ability to write, test, and debug code for detection logic and automation
Demonstrable experience with detection-as-code principles and specific frameworks (e.g., Sigma, YARA, custom scripts). Experience managing detection lifecycles using version control systems (Git)
Proven hands-on experience configuring, managing, and querying SIEM platforms
Experience incorporating threat intelligence (e.g., threat feeds, IoCs, YARA rules, OpenIOC) into detection logic and automated responses
Solid grasp of network security, cloud security fundamentals, incident response lifecycles, and common attack vectors (e.g., malware, phishing, APTs)
Excellent analytical abilities to dissect complex problems, identify patterns, and develop effective detection strategies

Benefits

Medical insurance
Dental insurance
Vision insurance
401(k) retirement plan
Basic life insurance
Supplemental life insurance
Disability insurance
A variety of additional voluntary benefits (such as critical illness, hospital and accident insurance)

Company

Saks Global

Saks Global is a combination of world-class luxury retail and real estate assets.

Funding

Current Stage: Late Stage
Total Funding: $2.8B
Key Investors: SLR Credit Solutions, Amazon
2025-05-29: Debt Financing, $600M
2024-12-23: Debt Financing, $2.2B
2024-07-09: Corporate Round

Leadership Team

Richard A. Baker
Chief Executive Officer
Company data provided by Crunchbase