Senior SOC Analyst

Sargent & Lundy is a leading consulting engineering firm specializing in the power and energy sectors. Since 1891, we have provided comprehensive engineering, design, and consulting services for both traditional and renewable power generation, grid modernization, nuclear power, and beyond. Our mission is to help clients achieve their energy goals effectively by leveraging advanced technologies and adopting sustainable practices.

Role Overview

The Senior Information Security Analyst - Security Operations acts as the technical and process subject matter expert on the Security Operations team. This is a "player-coach" role designed for a high-level individual contributor who possesses deep technical expertise in Security Events and Information Management (SIEM),  Security Operations (SOC) Management, incident response and Vulnerabilities Management, while also providing technical leadership and mentorship to junior analysts and interns. 

The successful candidate will bridge the gap between high-level strategy and hands-on execution, ensuring our outsourced SOC vendor delivers high-quality results. You will design, maintain, and interpret KPI/KRI dashboards that track SOC performance, vulnerability risk, incident trends, and control effectiveness, providing executive-ready reporting that drives accountability and informs leadership decisions. 

Core Responsibilities

1. Vulnerability & Threat Management 

• Program Technical Lead: Manage the end-to-end vulnerability management lifecycle and direct the technical configurations and roadmap for the Qualys vulnerabilities scanning platform, ensuring comprehensive coverage across on-prem, cloud, and remote endpoints. 
• Advanced Analysis and Stakeholder Coordination: Move beyond automated reporting to perform deep-dive analysis on complex vulnerabilities and coordinate with IT infrastructure and application owners for prioritization and creative remediation of vulnerabilities. 
• Threat Intelligence Integration: Translate global threat intelligence into actionable Qualys scans and search queries to proactively identify "at-risk" assets.

2. SIEM/SOC Management & Coordination

• Vendor Technical Oversight: Act as the primary technical point of contact for the outsourced SOC provider (Crowdstrike,  Cortex XSIAM platform). Hold the vendor accountable to defined Service Level Agreements (SLAs) and Key Performance Indicators (KPIs). Conduct weekly quality reviews of their "True Positive" alerts and provide feedback on their analysis. 
• SIEM Governance: Maintain complete visibility into SIEM architecture (Splunk  Cortex XSIAM platform). Ensure all critical log sources are properly ingested and parsed. You will own the log-onboarding process and validate that the SOC is receiving the telemetry they need to be effective. 
• Rule Tuning: Collaborate with the SOC vendor to fine-tune correlation rules and use cases to reduce "noise" (false positives) while ensuring high-fidelity detection of "true positives." 
• Reporting: Design and review executive dashboards that provide visibility into the health of the security environment and SOC performance.

3. Incident Management & Response

• Lead Responder: Serve as the senior technical lead during active security incidents, guiding junior staff through containment and eradication steps. 
• Incident Life Cycle Management: Drive technical investigation, containment, and eradication phases. Lead "Lessons Learned" sessions following major incidents to identify root causes and implement preventative controls. 
• Playbook Development: Design and maintain technical incident response playbooks that the junior team can follow during initial triage. 
• Forensic Coordination and Oversight: Manage forensic data collection and analysis, whether performed internally or through a third-party partner. 
• Operational Readiness: Lead tabletop simulations for the internal team to build "muscle memory" for high-pressure scenarios. 

4. Drive data analysis, dashboards, and executive reporting  

• Design, build, and maintain operational and executive dashboards (e.g., in SIEM tools, Power BI, or Excel) that track:  
• SOC performance (SLAs, MTTR, true/false positive rates)  
• Vulnerability posture (exposure, remediation timelines, risk trends)  
• Incident patterns, root causes, and control effectiveness  
• Translate data into clear insights and narratives for leadership, highlighting risk, performance, and trends, and recommending actions to improve security posture.  
• Automate metrics and reporting wherever possible to ensure repeatability, accuracy, and timely visibility.  

5.Security Resiliency & Continuity

• Resilience Engineering: Evaluate current security controls to identify "single points of failure" and propose architectural changes to improve the organization's ability to withstand attacks. 
• Business Continuity (BCP) and Disaster Recovery (DR) Support: Collaborate with business units to ensure security controls support the Business Impact Analysis (BIA) and recovery objectives. Partner with the Disaster Recovery team to ensure security tools are functional during recovery/failover scenarios. 

6. Mentorship & Technical Leadership

• Team Development: Provide daily technical guidance to junior analysts and interns ( a team of 2 to 5). Conduct reviews of their analysis and help them grow their technical skill sets. 
• Knowledge Base: Maintain a high-quality internal Knowledge Base for security operations procedures. 
• Process Optimization: Identify manual tasks performed by the team and lead automation efforts to improve efficiency. 

 

This position offers the flexibility of a hybrid schedule with the expectation of 3 days per week in our downtown Chicago office, and 2 days remote from home.

Essential Skills and Experience  

• Education: Bachelor’s degree in computer science, information systems, or related field; or equivalent professional experience.  

• Professional Experience:  5+ years of experience in relevant areas within the Information Security domains.  

• Information Security Standards / Frameworks: Strong understanding of ISO 27001, SOC 2, NIST CSF and CMMC.  

• Tooling Expertise: Advanced proficiency with Qualys, SIEM platforms, DLP tool, understanding of technical details within the security events, CrowdStrike, Palo Alto Cortex XSIAM, Microsoft Defender, or similar tools  

• Metrics, Data Analysis & Management Reporting : Strong focus on data analysis, dashboarding, KPIs/KRIs, and executive-ready reporting.  

• SIEM Knowledge: Deep understanding of SIEM logic and log analysis (e.g., Splunk, Sentinel, or other relevant experience). 

• Cloud Fluency: Experience managing security operations within cloud environments (Azure, or AWS). 

• Networking: Strong understanding of TCP/IP, DNS, WAF, and ZTNA concepts. 

 

Certifications (Preferred) 

• CISSP (Certified Information Systems Security Professional) 

• CISM (Certified Information Security Manager) 

• GCIH (GIAC Certified Incident Handler) 

• Or any other relevant industry recognized certification 

 

Soft Skills 

• Compassionate Candor: Provide candid, actionable feedback to enhance team performance and individual growth, including with external partners.  

• Seek to Understand: Embrace curiosity and continuous learning, digging into data and root causes to drive better decisions.  

• We Before Me: Collaborate effectively with IT, business partners, and vendors, engaging diverse perspectives to ensure collective success.  

• Do What You Say: Take ownership of commitments, deliver on key initiatives, and maintain high reliability during routine operations and major incidents.  

• Light Up Learning: Encourage experimentation, share lessons learned (including from incidents and near-misses), and foster a culture of continuous improvement.  

• Driven by Passion: Demonstrate genuine passion for information security, resilience, and protecting the organization, especially under pressure.  

• Driven by Passion: Connect personal passion to the mission, demonstrating resilience in the face of challenges while pursuing organizational goals. 

 

Why Join Us?

• Work in an established company that values innovation and growth.
• Engage with a collaborative team that is dedicated to making a meaningful impact in the energy sector.
• Gain exposure to cutting-edge projects and contribute to data-driven decision-making processes.

 

We do not sponsor employees for work authorization in the U.S. for this position.

 

At Sargent & Lundy, we care about the health and well-being of our employees. Our commitment extends beyond the workplace, offering comprehensive healthcare plans and generous paid time off to support our team members in every aspect of their lives. We understand the importance of work-life balance, which is why we are proud to provide competitive, award-winning benefits. Our dedication to employee satisfaction has earned us the prestigious Top Workplaces Culture Excellence Award for compensation and benefits in 2022, 2023, and 2024.

 

Health & Wellness	Financial Benefits	Work-Life Balance
Health Plans: Medical, Dental, Vision Life & Accident Insurance Disability Coverage Employee Assistance Program (EAP) Back-Up Daycare FSA & HSA	401(k) Pre-Tax Commuter Account Merit Scholarship Program Employee Discount Program Corporate Charitable Giving Program Tuition Assistance First Professional Licensure Bonus Employee Referral Bonus	Paid Annual Personal/Sick Time (PST) Paid Vacation Paid Holidays Paid Parental Leave Paid Bereavement Leave Flexible Work Arrangements

$100,010.00 - $144,190.00

Sargent & Lundy discloses compensation ranges that comply with all local and state regulations. The total compensation package for eligible positions will include a base salary or an hourly rate and a comprehensive benefits package, reflecting our commitment to rewarding performance and supporting the overall well-being of our employees. Individuals may also be eligible to participate in our yearly discretionary bonus.

Sargent & Lundy is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any protected status as defined by applicable law.