
Sargent & Lundy · 18 hours ago

Senior SOC Analyst

Sargent & Lundy is a leading consulting engineering firm specializing in the power and energy sectors. The Senior SOC Analyst will act as the technical and process subject matter expert on the Security Operations team, providing technical leadership and mentorship while managing security operations and incident response.
Industries: Electronics, Energy, Information Technology
Growth Opportunities
No H1B

Responsibilities

Manage the end-to-end vulnerability management lifecycle and direct the technical configurations and roadmap for the Qualys vulnerabilities scanning platform, ensuring comprehensive coverage across on-prem, cloud, and remote endpoints
Move beyond automated reporting to perform deep-dive analysis on complex vulnerabilities and coordinate with IT infrastructure and application owners for prioritization and creative remediation of vulnerabilities
Translate global threat intelligence into actionable Qualys scans and search queries to proactively identify "at-risk" assets
Act as the primary technical point of contact for the outsourced SOC provider (Crowdstrike, Cortex XSIAM platform). Hold the vendor accountable to defined Service Level Agreements (SLAs) and Key Performance Indicators (KPIs). Conduct weekly quality reviews of their "True Positive" alerts and provide feedback on their analysis
Maintain complete visibility into SIEM architecture (Splunk Cortex XSIAM platform). Ensure all critical log sources are properly ingested and parsed. You will own the log-onboarding process and validate that the SOC is receiving the telemetry they need to be effective
Collaborate with the SOC vendor to fine-tune correlation rules and use cases to reduce "noise" (false positives) while ensuring high-fidelity detection of "true positives."
Design and review executive dashboards that provide visibility into the health of the security environment and SOC performance
Serve as the senior technical lead during active security incidents, guiding junior staff through containment and eradication steps
Drive technical investigation, containment, and eradication phases. Lead "Lessons Learned" sessions following major incidents to identify root causes and implement preventative controls
Design and maintain technical incident response playbooks that the junior team can follow during initial triage
Manage forensic data collection and analysis, whether performed internally or through a third-party partner
Lead tabletop simulations for the internal team to build "muscle memory" for high-pressure scenarios
Design, build, and maintain operational and executive dashboards (e.g., in SIEM tools, Power BI, or Excel) that track: SOC performance (SLAs, MTTR, true/false positive rates), Vulnerability posture (exposure, remediation timelines, risk trends), Incident patterns, root causes, and control effectiveness
Translate data into clear insights and narratives for leadership, highlighting risk, performance, and trends, and recommending actions to improve security posture
Automate metrics and reporting wherever possible to ensure repeatability, accuracy, and timely visibility
Evaluate current security controls to identify "single points of failure" and propose architectural changes to improve the organization's ability to withstand attacks
Collaborate with business units to ensure security controls support the Business Impact Analysis (BIA) and recovery objectives. Partner with the Disaster Recovery team to ensure security tools are functional during recovery/failover scenarios
Provide daily technical guidance to junior analysts and interns (a team of 2 to 5). Conduct reviews of their analysis and help them grow their technical skill sets
Maintain a high-quality internal Knowledge Base for security operations procedures
Identify manual tasks performed by the team and lead automation efforts to improve efficiency

Qualifications

Skills: SIEM, Vulnerability Management, Incident Response, Data Analysis, Cloud Security, ISO 27001, CISSP, CISM, GCIH, TCP/IP, Compassionate Candor, Collaboration

Required

Bachelor's degree in computer science, information systems, or related field; or equivalent professional experience
5+ years of experience in relevant areas within the Information Security domains
Strong understanding of ISO 27001, SOC 2, NIST CSF and CMMC
Advanced proficiency with Qualys, SIEM platforms, DLP tools, CrowdStrike, Palo Alto Cortex XSIAM, Microsoft Defender, or similar tools, with an understanding of the technical details within security events
Strong focus on data analysis, dashboarding, KPIs/KRIs, and executive-ready reporting
Deep understanding of SIEM logic and log analysis (e.g., Splunk, Sentinel, or other relevant experience)
Experience managing security operations within cloud environments (Azure or AWS)
Strong understanding of TCP/IP, DNS, WAF, and ZTNA concepts

Preferred

CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
GCIH (GIAC Certified Incident Handler)
Or any other relevant industry-recognized certification

Benefits

Health Plans: Medical, Dental, Vision
Life & Accident Insurance
Disability Coverage
Employee Assistance Program (EAP)
Back-Up Daycare
FSA & HSA
401(k)
Pre-Tax Commuter Account
Merit Scholarship Program
Employee Discount Program
Corporate Charitable Giving Program
Tuition Assistance
First Professional Licensure Bonus
Employee Referral Bonus
Paid Annual Personal/Sick Time (PST)
Paid Vacation
Paid Holidays
Paid Parental Leave
Paid Bereavement Leave
Flexible Work Arrangements

Company

Sargent & Lundy

Sargent & Lundy is a power generation company that provides technical expertise and integration for global use.

Funding

Current Stage
Late Stage

Leadership Team

Thomas White
Retired
Company data provided by crunchbase