SOC Analyst III at Applied Tech Solutions, LLC – Brookfield, Wisconsin
About This Position
SOC Analyst III
Reporting To: Cybersecurity Manager
FLSA Status: Exempt
Description
The SOC Analyst III is a senior Security Operations / Incident Response (SOC/IR) practitioner with five or more years of cybersecurity experience. This role is responsible for leading investigation, containment, eradication, and recovery activities for security incidents across client environments, producing clear incident communications, and driving high-quality outcomes.
Strong security decision-making in this role is built on a solid systems and network administration foundation. You are expected to understand how Windows, identity, endpoints, servers, networks, and cloud services operate so you can accurately assess impact, identify root cause, and recommend practical remediation that works in real client environments.
- Lead end-to-end security incident response (triage, investigation, containment, eradication, and recovery) and coordinate technical execution across internal teams and clients
- Own the security event and incident intake process: validate alerts, determine severity, open/route incidents, and drive appropriate escalation
- Investigate and respond to suspected and confirmed security incidents, including evidence collection, analysis, containment actions, and documented outcomes
- Address time-sensitive security events promptly, following defined response targets and escalation paths
- Identify, categorize, and manage incidents according to severity, scope, and business impact
- Ensure accurate timelines, evidence, and artifacts are recorded
- Apply deep systems and network administration knowledge to accurately assess impact, scope incidents, and recommend durable fixes
- Partner cross-functionally with the Vulnerability Management team to interpret findings and scope remediation work from third-party assessments (e.g., penetration tests and vulnerability scans)
- Provide timely, professional incident communications to clients, including C-Suite executives, as well as DFIR teams, attorneys, and cyber insurance during high-stress security incidents
- Communicate technical risk and response actions to executive and non-technical stakeholders in a clear, calm, and actionable manner
- Mentor SOC Analysts I/II and serve as an escalation point for complex investigations and incident response decisions
- Collaborate positively and effectively with stakeholders across the organization, from Service Desk to Account Management, Platform, Internal IT, etc.
- Effectively leverage ConnectWise Manage for incident intake, workflow, documentation, client updates, and escalation coordination
- Field incoming alerts and incidents while progressing multiple investigations in parallel; meet deadlines, maintain accurate documentation, and communicate status/next steps clearly
- Contribute to continuous improvement of SOC/IR processes (runbooks, playbooks, lessons learned, and detection improvements)
- Provide risk-based recommendations after investigations to reduce recurrence, improve security posture, and align remediation to client operational realities
- Monitor CVEs and zero-day vulnerabilities
- Work with the department to implement CVE/zero-day workarounds and hotfixes
- NGAV and EDR maintenance, monitoring, and troubleshooting
- Create and tune SIEM detections, correlation rules, and alerting to improve signal quality and reduce false positives
- SIEM maintenance, monitoring, and troubleshooting
- Administer and tune Microsoft Entra ID (Azure AD) Conditional Access policies
- Provide guidance on and implement security best practices
- Firewall maintenance, monitoring, and troubleshooting
- Produce incident reports (timelines, scope, actions taken, business impact, and recommendations) suitable for technical and executive audiences
- Implement and validate security-related configuration changes at scale using scripting/automation (PowerShell and/or Microsoft Graph), including delegated administration models such as CSP and GDAP
- Create and maintain documentation for the SOC team as well as Service Desk
- Perform security root cause analysis
- Travel to client sites as needed
- Five or more years of relevant experience in cybersecurity, including security operations and incident response, built on strong systems and network administration fundamentals
- Candidates must also have a degree in a relevant field of study OR a combination of equivalent certifications and equivalent work experience.
- Linux/Unix administration experience is highly desirable in this role
- Excellent communication and customer service experience
- Active driver's license and proof of auto insurance
- Experience with managing multiple integrated applications and projects related to ongoing improvements and enhancements
- Strong understanding of networking fundamentals (TCP/IP, DNS, DHCP, routing/firewalls, VPNs) and the ability to apply that knowledge during investigations
- A highly proficient level of experience with Windows Operating Systems is required.
- Proficiency in all Microsoft Operating Systems and Applications.
- Experience managing vendor relationships
- Preferred certifications (or equivalent demonstrated experience): CompTIA Security+ or CySA+, GIAC (e.g., GCIH/GCIA), and/or Microsoft security certifications (e.g., SC-200, AZ-500)
- Working knowledge of incident response concepts and frameworks (e.g., NIST 800-61) including scoping, containment strategy, evidence preservation, and post-incident lessons learned
- Ability to interpret third-party vulnerability scan and penetration test reports and translate findings into practical remediation scope, priorities, and validation steps
- Working knowledge of server applications and services (Exchange, Active Directory, SQL, Backup Solutions, etc.)
- Strong understanding of endpoint, identity, and email security concepts (malware behavior, persistence, credential theft, phishing/BEC tradecraft, and common remediation approaches)
- Experience administering virtualization technology, including Hyper-V and VMware ESXi
- Working knowledge of corporate backup solutions.
- Strong proficiency with Microsoft 365 (O365) administration and support is highly desirable
- Experience administering Microsoft Entra ID (Azure AD) including Conditional Access, MFA, and identity security controls; familiarity with MSP delegated access models (CSP/GDAP) preferred
- Proficiency with PowerShell scripting highly desirable
- Extended after-hours work may be compensated at Applied Tech's discretion
Leadership/Mentoring
- Demonstrates daily leadership and provides mentorship and growth plans. Inspires others through vision, confidence, and recognition. Develops people by aligning work with their strengths and encouraging growth through coaching.
Supervision/Autonomy
- Independently sets direction and scope of work, evaluates others, and makes productivity decisions. Creates accountability by holding self and others responsible while empowering individuals to own outcomes through their strengths.
Planning/Organization
- Organizes and prioritizes work from multiple sources to maintain productivity. Leads change by setting clear goals and guiding adaptation. Delegates tasks to maximize individual strengths.
Process Management
- Understands, follows, and improves processes within defined areas. Adapts to change effectively. Thinks critically by building on strengths, evaluating information, and driving smarter decisions.
Communication
- Communicates clearly and professionally in writing and speech. Explains complex concepts with poise and ensures understanding. Tailors communication to the strengths and needs of the audience.
People Skills/Conflict Management
- Builds trust and collaboration by valuing diverse strengths. Demonstrates confidence in high-pressure situations, resolves conflicts effectively, and manages individuals across a wide range of personalities and abilities.
- Ability to use computers daily in an interactive manner for extended periods of time, possibly exceeding 8 hours per day
- Ability to sit for an extended period
- Ability to frequently and accurately communicate with employees, customers, and vendors in person, by telephone, or by email
NOTE: This job description is not intended to be all-inclusive. Employees may perform other related duties as requested to meet the ongoing needs of the organization.
Employees must be a “U.S. Person” within the meaning of the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), and the Company will not be applying for licenses for individuals not meeting those definitions.
Job Location
This job is located in the Brookfield, Wisconsin, 53005, United States region.