Sr. Security Analyst - Security Operations Center (SOC)

Lennar · Irving, TX (Job Posting Location)
Full-time · Remote
Tags: AWS, Azure, Cloud Security, Compliance, Incident Response, Process Improvement


Requirements

  • Minimum 5-7 years of experience in a cybersecurity operations role, with at least 3 years in a Tier 2/Tier 3 SOC or escalation capacity.
  • CompTIA Security+ or equivalent.
  • Proven experience leading incident response triage, investigation, and remediation, including working directly with MDR partners.
  • In-depth knowledge of security tools and technologies, including SIEM/SOAR platforms (e.g., Microsoft Sentinel), endpoint detection and response solutions (e.g., Microsoft Defender XDR, Palo Alto Cortex XDR), and ticketing systems (e.g., ServiceNow).
  • Demonstrated ability to author and tune detection content (e.g., KQL in Sentinel/Defender) and operationalize it into production.
  • Experience analyzing cloud security telemetry (e.g., Azure/Entra sign-in logs, AWS CloudTrail).
  • Hands-on experience building or maintaining automated playbooks and response workflows in a SOAR platform.
  • Strong understanding

Additional Information

We are Lennar

Lennar is one of the nation's leading homebuilders, dedicated to making an impact and creating an extraordinary experience for their Homeowners, Communities, and Associates by building quality homes and providing exceptional customer service, giving back to the communities in which we work and live, and fostering a culture of opportunity and growth for our Associates throughout their career. Lennar has been recognized as a Fortune 500® company and consistently ranked among the top homebuilders in the United States.

Join a Company that Empowers You to Build Your Future

We are seeking a highly skilled and experienced Senior SOC Analyst to join our cybersecurity team. This role is critical in leading advanced incident response efforts, managing escalations from cross-functional teams, and working closely with our MDR partner to ensure rapid detection, containment, and remediation of security threats. The ideal candidate will have deep technical expertise, strong analytical skills, and a proactive mindset toward incident response and continuous improvement. A career built on defending digital infrastructure. A career focused on proactive threat detection and response. A career that protects critical assets and enables secure business operations.

Your Responsibilities on the Team

Incident Response & Threat Management

  • Lead investigations of complex, high-severity security incidents from detection through containment, remediation, and recovery, coordinating across internal teams and the MDR partner.
  • Act as the primary escalation point for Tier 3 alerts and incidents and perform root cause analysis with actionable remediation plans.
  • Serve as the primary liaison to the MDR provider: validate and triage MDR alerts, ensure alignment on response protocols and escalation procedures, and provide tuning recommendations to improve detection fidelity.
  • Develop and maintain incident response playbooks, runbooks, and workflows.
  • Analyze threat actor tactics, techniques, and procedures (TTPs) and translate findings into improved defenses and detection content.

Threat Hunting

  • Conduct proactive, hypothesis-driven threat hunts across endpoint, identity, network, and cloud telemetry, leveraging threat intelligence and the MITRE ATT&CK framework to surface threats that evade automated detection.
  • Operationalize hunt findings into durable detection logic and response procedures.

Automation & Process Improvement

  • Identify recurring, manual, or manual-heavy SOC processes and design automation to reduce analyst effort and accelerate response.
  • Build, test, and maintain automated playbooks and response workflows in a SOAR platform (e.g., Torq, Microsoft Sentinel Automation Rules and Logic Apps) for enrichment, triage, containment, and case management.
  • Develop, tune, and operationalize detection and correlation rules through automated validation and deployment.
  • Measure the impact of automation against SOC performance metrics (MTTD, MTTR, alert volume, false-positive rate) and iterate based on results.
  • Partner with Detection Engineering and Security Engineering to integrate tooling, close telemetry gaps, and standardize repeatable response.

Security Monitoring & Analysis

  • Monitor and analyze logs and alerts across SIEM, EDR, identity, and cloud platforms.
  • Correlate data across multiple sources to identify patterns, anomalies, and emerging threats.
  • Maintain situational awareness of the external threat landscape and internal security posture.

Mentorship & Reporting

  • Mentor Tier 1 and Tier 2 analysts, lead knowledge-sharing, and uplevel team investigative tradecraft and tooling proficiency.
  • Document incident timelines, findings, and lessons learned.
  • Track, analyze, and drive improvement of core SOC performance metrics (MTTD, MTTR, detection coverage, false-positive rate), and use them to prioritize tuning and automation efforts.
  • Generate executive-level and technical reports on SOC performance and incidents, and support compliance and audit efforts through accurate record-keeping and evidence handling.

