Security Operations Analyst

Unqork empowers enterprises to accelerate growth by rapidly building, testing, and running AI-powered applications that embody the future of enterprise development. Trusted by the world’s largest organizations in highly regulated industries, these applications become more secure over time while significantly reducing technical debt—allowing businesses to focus on innovation rather than maintenance. Unqork’s customers include Goldman Sachs, Marsh, BlackRock, and the U.S. Department of Health and Human Services. 

At Unqork, we value inclusive and innovative thinkers who boldly challenge the status quo. We encourage you to apply! 

As a Security Operations Analyst, you will be an analytical and thorough individual contributor reporting to the Director of Security Operations. You will play a role in Threat Detection & Response, Threat Intelligence and Hunting, Technical Security Architecture, IT Operations, and SIEM and SOAR engineering. Your primary focus will be to proactively and reactively protect and defend our critical assets against an evolving threat landscape. 

• Security Monitoring & Alert Triage Actively monitor SIEM, EDR/XDR, and other security tools to detect, analyze, and triage security alerts. Follow established playbooks to ensure timely and accurate initial response to potential threats.
• Process Efficiency & Automation Utilize existing Security Orchestration, Automation, and Response (SOAR) platforms to handle alerts efficiently. Identify repetitive manual tasks and implement automations.
• SIEM & Detection Engineering Integrate and set up the ingestion of log sources to a SIEM tool, including the normalization of fields and data. Create timely monitoring solutions for relevant threats based on active threat intelligence. Share responsibility for detection and log lifecycle / maintenance.
• Threat Intelligence Consume and review daily threat intelligence feeds, security advisories, and industry alerts to ensure the company is protected against known Indicators of Compromise (IoCs) and emerging threat trends.
• IT Operations & Asset Security Work closely with IT Operations to maintain accurate hardware and software asset inventories. Assist in deploying and troubleshooting endpoint security agents to ensure a secure baseline for all employee devices.
• Cross-Functional Technical Partnership: Collaborate extensively with resources in Engineering, Product, IT, and other departments to embed operational security requirements, influence architectural decisions for detectability, and foster a strong security culture. Serve as the primary security technical expert for these partnerships.
• Compliance & Operational Reporting: Assist in generating routine security metrics and operational reports. Help gather technical evidence to support adherence to security policies and compliance audits (e.g., SOC 2, ISO 27001).

• 3+ years of progressive experience in Security Operations, with at least 2  years in a role contributing to a Security Operations Center (SOC), Managed Detection Response Service, or Incident Response team.
• Proven track record as an engineer, having designed, implemented, and managed mature SOC processes and automations. 
• Proven hands-on Python experience.
• Proven hands-on technical expertise in threat detection, incident response, vulnerability management, and the use of SIEM, EDR/XDR, other security monitoring platforms, IAM solutions and processes.
• Strong understanding of modern security threats, attack vectors, and defensive strategies.
• Expertise in security frameworks (e.g., NIST, MITRE ATT&CK) and their practical application in threat detection, analysis, and incident response.
• Exceptional communication and interpersonal skills, with the ability to influence and effectively collaborate with technical and non-technical stakeholders at all levels, including executive leadership.
• Demonstrated ability to translate complex operational security incidents and risks into clear, actionable strategies and communicate effectively to diverse audiences.
• Relevant industry certifications highly preferred (e.g., CISSP, CISM, GCIH, GCIA, or OSCP).
• Bachelor's degree in Computer Science, Information Security, or a related technical field; Master's degree a plus.