SOC Analyst

About Turing

Based in San Francisco, California, Turing is the world’s leading research accelerator for frontier AI labs and a trusted partner for global enterprises looking to deploy advanced AI systems. Turing accelerates frontier research with high-quality data, specialized talent, and training pipelines that advance thinking, reasoning, coding, multimodality, and STEM. For enterprises, Turing builds proprietary intelligence systems that integrate AI into mission-critical workflows, unlock transformative outcomes, and drive lasting competitive advantage.

Recognized by Forbes, The Information, and Fast Company among the world’s top innovators, Turing’s leadership team includes AI technologists from Meta, Google, Microsoft, Apple, Amazon, McKinsey, Bain, Stanford, Caltech, and MIT. Learn more at www.turing.com

Overview

We are seeking a proactive and detail-oriented Security Operation Center Analyst to join our global security operations team. Split between India and Brazil, this role is critical to strengthening our frontline cyber defense capabilities. You will be responsible for triaging alerts, conducting initial investigations, handling low-complexity incidents, and escalating critical threats. The ideal candidate thrives in a fast-paced SOC environment, has a passion for cybersecurity, and is eager to grow in incident response, threat detection, and operational support.

Responsibilities:

• Review and analyze alerts escalated by the MDR team via Google Chronicle.
• Perform deep-dive investigations into suspicious activity across identity, SaaS, endpoint, and cloud logs.
• Incident response activities for medium-to-high severity incidents, including containment, eradication, and recovery (e.g., disabling user accounts, blocking malicious IPs).
• Escalate complex or high-impact incidents to Senior Analysts / Incident Response Engineer or relevant stakeholders for further investigation.
• Periodically audit alert rules, integrations, and logging health.
• Coordinate with DevOps and application teams to triage vulnerability findings from Rapid7 platforms (InsightVM, CloudSec, AppSec), communicate remediation needs, and track resolution progress.
• Own the triage and response process for security alerts from MDR, EDR, and cloud platforms, ensuring actions are taken within defined service level agreements (SLAs). Escalate potential breaches or blockers to maintain response effectiveness.
• Suggest automation opportunities for enrichment, containment, or playbook actions.
• Monitor the performance and availability of security tools (e.g., Google SecOps, Rapid7, EDR platforms).
• Triage and investigate endpoint detection and response (EDR) alerts from CrowdStrike or similar tools.
• Conduct regular threat hunting to proactively identify potential compromises.
• Identify threat actor tactics, techniques, and procedures (TTPs) and map to MITRE ATT&CK when relevant.
• Work closely with internal stakeholders and MDR partners to iterate on SOAR automation, ensuring playbooks align with Turing’s detection use cases and operational goals.
• Maintain detailed documentation for each incident using approved tooling (e.g., Jira, Google Docs).
• Provide feedback on SOAR actions and Chronicle detection rules based on observed MITRE ATT&CK patterns, and suggest tuning or coverage improvements.

Qualifications Needed:

• Required Skills:
• 3 - 5 years of hands-on experience in a Security Operations Centre (SOC) or similar cybersecurity role, ideally in a cloud-native or SaaS environment.
• Strong grasp of alert triage, incident detection, and containment fundamentals, including how to assess severity and escalate appropriately.
• Familiarity with SIEM, EDR, and vulnerability management platforms, with an ability to investigate and correlate findings across these tools.
• Working knowledge of network protocols, log types, and attacker TTPs, especially across cloud and SaaS environments.
• Ability to follow incident response playbooks and SOPs with precision.
• Proficiency in managing security tickets and documenting investigative steps clearly.
• Excellent analytical skills with a high attention to detail and a sense of urgency.
• Good written and verbal communication skills, especially for documenting incidents and collaborating with peers across time zones.
• Excellent communication skills, both written and verbal.
  
  
• Good To Have:
• Experience working in a co-managed SOC or MDR-supported environment.
• Strong understanding of alert triage, incident detection, and basic containment procedures.
• Exposure to cloud and SaaS platform logs (e.g., Google Workspace, Okta, GitHub).
• Familiarity with the MITRE ATT&CK framework for mapping attacker techniques.
• Basic familiarity with scripting or automation tooling, including formats like YAML, Python, Bash, Sigma, or UDM.
• Excellent analytical skills with a high attention to detail and a sense of urgency.
• Good written and verbal communication skills, especially for documenting incidents and collaborating with peers across time zones.
• One or more relevant certifications (CEF Certified Ethical Hacker (CEF-CEH), CompTIA Security+, etc.).

Values:

• We are client first: We put our clients at the center of everything we do, because their success is the ultimate measure of our value.
• We work at Start-Up Speed: We move fast, stay agile and favor action because momentum is the foundation of perfection
• We are Al forward: We help our clients build the future of Al and implement it in our own roles and workflow to amplify productivity.

Advantages of joining Turing: