SOC Analyst / Incident Responder

Boston, MA

ABOUT BLACK KITE

Black Kite is the global leader in third-party cyber risk intelligence, trusted by more than 3,000 organizations worldwide. We give security and business leaders a continuous, outside-in view of their entire vendor ecosystem — translating complex cyber, financial, and compliance signals into clear, actionable risk intelligence.

We go beyond open standards-based cyber ratings. Black Kite helps organizations make smarter risk decisions, strengthen business resilience, and scale their third-party cyber risk management programs in an increasingly complex digital environment. Our work has earned consistent recognition from customers and industry analysts alike.

WHY BLACK KITE

We’re a fast-moving, high-impact team solving one of the most critical challenges in cybersecurity today. If you’re looking to do meaningful work alongside sharp, collaborative people — and grow your career in a space that matters — you’re in the right place.

THE OPPORTUNITY

The SOC Analyst / Incident Responder is a mid-level security operations practitioner who owns their work. You will monitor and triage security events, lead incident investigations, execute response activities, and contribute to the continuous improvement of Black Kite's detection and response capability. You report to the SOC Manager and operate with meaningful autonomy on day-to-day security operations.

This is not a ticket-routing role. You bring analytical depth to alert investigations, structured thinking to escalations, and proactive energy to threat hunting. You work independently on assigned responsibilities, exercise judgment within established guidelines, and bring the SOC Manager in for decisions that warrant it — not for every event.

RESPONSIBILITIES

Security monitoring & alert triage

  • Monitor security events across email, endpoint, network, identity, and data loss prevention systems during assigned coverage windows

  • Triage incoming alerts — distinguish genuine threats from false positives, apply context, and prioritize response actions accordingly

  • Identify anomalous behavior patterns in log and telemetry data that may indicate threats not captured by automated detections

  • Maintain awareness of evolving attack techniques and apply that knowledge to daily detection and triage work

Incident response

  • Lead investigation and response for declared security incidents within scope — from initial detection through containment, eradication, and documentation

  • Execute established incident response playbooks accurately and completely; escalate to the SOC Manager when events exceed defined thresholds or require judgment outside the playbook

  • Coordinate with internal stakeholders — legal, operations, HR, and leadership — as appropriate during active incidents

  • Support threat hunting activities, proactively searching for indicators of compromise and undetected adversary activity

  • Conduct digital forensics analysis to support incident investigation and post-incident review

Documentation & reporting

  • Produce thorough, accurate incident reports documenting the full timeline, evidence chain, response actions taken, and recommendations

  • Present findings and case summaries to the SOC Manager and information security leadership on a routine basis

  • Maintain and improve incident handling procedures based on lessons learned from investigations

  • Research emerging threats, attack methods, and digital forensics techniques; share relevant findings with the broader security team

Security operations improvement

  • Identify gaps or inefficiencies in detection coverage and alert quality; bring concrete recommendations to the SOC Manager

  • Contribute to the refinement of playbooks, escalation criteria, and response procedures based on operational experience

  • Support Black Kite's security research function with technical review and proofreading of research content

WHAT YOU BRING

  • 2–4 years of hands-on experience in security operations, incident response, or a closely related technical discipline

  • Solid working knowledge of incident response methodology — identification, containment, eradication, recovery, and post-incident review

  • Understanding of security architecture and networking fundamentals: TCP/IP, DNS, HTTP, SMTP, and common attack vectors at each layer

  • Working knowledge of Linux/Unix and Windows operating systems including command-line proficiency

  • Experience with at least one scripting language — Python or Bash — for log analysis, automation, or investigation support

  • Demonstrated ability to produce clear, structured incident documentation that can be read and understood by auditors and leadership

  • Exercises judgment within defined guidelines — knows when to act, when to escalate, and how to communicate the difference clearly

  • Comfortable working independently in a small, high-ownership team where initiative is expected

PREFERRED

  • Prior experience in a SOC, MSSP, or security operations function at a SaaS or cloud-native company

  • Familiarity with SIEM, DLP, endpoint detection and response, email security, or identity security platforms in an operational context

  • Experience with security assessment tooling — network scanners, vulnerability assessment tools, or forensics platforms

  • Active or in-progress certification: CompTIA CySA+, GIAC GCIH, CEH, or equivalent

  • Exposure to compliance-sensitive environments — FedRAMP, SOC 2, or ISO 27001 — where incident documentation quality has audit implications

The expected base salary range for this role is $75,000-85,000 per year. Compensation at Black Kite is more than just base pay — we offer a total rewards program that includes performance-based bonuses, equity, flexible healthcare options, paid time off, and retirement savings programs. The annual base salary range for this position represents a nationwide market range and reflects a broad spectrum of salaries for this role across the United States. Actual compensation will depend on factors such as qualifications, skills, experience, and the scope, complexity, and location of the role.