Security Operations Analyst
Enterprise MSSP | AI-augmented SOC | detection engineering focus
Location:
Remote, Costa Rica or Argentina (U.S. time zone alignment required)
Who we are:
We operate a next-generation, AI-augmented security operations center supporting enterprise clients across multiple industries. This is not a traditional alert-triage SOC role.
Our analysts investigate sophisticated threats, engineer high-fidelity detections, use AI to accelerate analysis, and continuously improve how security operations are executed across multiple client environments.
If you are looking to simply manage a queue, this is not the role.
If you want ownership over investigation quality, detection precision, and automation impact…keep reading.
What you will own
Enterprise-grade investigations
Lead structured investigations across SIEM, EDR, email security, and cloud telemetry
Determine root cause and blast radius, not just close alerts
Correlate telemetry with threat intelligence to assess impact
Deliver clear, executive-ready findings tailored to enterprise stakeholders
Support containment, eradication, and recovery efforts
Detection engineering & threat hunting
Develop and tune SIEM detection rules across multiple environments
Create and refine YARA rules for malware detection
Engineer new detection use cases aligned to emerging threats
Conduct hypothesis-driven threat hunts
Reduce false positives through precision tuning
Map detections to MITRE ATT&CK where appropriate
You will influence detection quality directly, not just consume alerts.
AI-augmented analysis & automation
Use AI tooling to accelerate log analysis and enrichment
Validate AI outputs and refine workflows
Identify repetitive investigative tasks suitable for automation
Collaborate on operationalizing AI-assisted playbooks
Increase efficiency without sacrificing analytical rigor
AI is an accelerator, not a substitute for judgment.
Continuous improvement
Conduct post-incident detection gap reviews
Translate lessons learned into measurable detection improvements
Contribute to the knowledge base and investigation standards
Track and improve operational performance metrics
Required Technical Experience
Hands-on experience with at least one major SIEM platform (Splunk, Sentinel, Elastic, Google SecOps, QRadar, etc.)
Experience with EDR/XDR platforms (CrowdStrike, SentinelOne, Defender, etc.)
Detection rule creation or tuning experience
Experience writing or modifying YARA rules
Understanding of Windows, Linux, and cloud telemetry
Threat intelligence and IOC handling experience
Familiarity with the incident response lifecycle
Scripting capability (Python, PowerShell, or similar)
Strong written English for client-facing reporting
It would be great if you have
MSSP or multi-tenant enterprise experience
SOAR exposure
MITRE ATT&CK mapping experience
Cloud security investigation experience (AWS/Azure/GCP)
Experience reducing false positives at scale
Experience using AI tools in investigation workflows
Malware analysis fundamentals
We value
Ownership over outcomes
Analytical discipline
Technical curiosity
Clear business communication
Calm under pressure
Comfort operating across multiple enterprise environments
If you want to grow beyond traditional soc boundaries and help shape modern security operations, we want to meet you.