SOC Analyst – Defensive Operations Division
Location: Las Vegas, NV
Position Type: Full-Time / On-Site or Hybrid (Depending on Clearance & Client Requirements)
Department: Blue Team / Security Operations Center
Reports To: Director of Defensive Security & Incident Response
About the Role
Blackthorn Tactical’s Security Operations Center is the backbone of our defensive mission—where active threats are monitored, analyzed, and neutralized before they escalate. As a SOC Analyst, you will operate on the front line of cyber and physical defense, using intelligence-driven techniques to identify adversarial activity, respond to incidents, and strengthen the security posture of our clients.
This is not a checkbox SOC role.
Our analysts think like adversaries, correlate signals across cyber-physical environments, and provide actionable intelligence to help organizations defend against real-world threats.
Mission of the SOC Analyst
To detect, analyze, and respond to security threats—faster, smarter, and more comprehensively than the adversary.
You will support Blackthorn Tactical’s multi-layered defensive strategy by:
- Monitoring and analyzing security events across client environments
- Identifying early indicators of compromise
- Escalating and responding to active threats
- Conducting threat hunting and anomaly detection
- Supporting incident response operations
- Producing intelligence-driven reports and recommendations
If you want to sharpen your defensive tradecraft, operate in real adversarial conditions, and contribute to high-impact missions, this role is for you.
Key Responsibilities
1. Real-Time Threat Monitoring & Detection
- Monitor SIEM, EDR/XDR, IDS/IPS, firewall, authentication, and network telemetry in real time
- Identify abnormal behavior, suspicious events, and potential intrusions
- Triage alerts for severity, urgency, and potential impact
- Maintain situational awareness across cyber, physical, and human-layer systems
- Validate security events by correlating multi-domain indicators (logs, physical access, user behavior, cloud activity)
2. Incident Response & Escalation
- Conduct initial incident triage and evidence collection
- Escalate critical events to Tier II/III analysts or IR teams
- Assist with containment steps: isolation, credential resets, segmentation, disabling compromised accounts
- Document all events with precision and clarity
- Support forensics collection as needed
- Participate in after-action reviews and contribute to remediation plans
3. Threat Hunting & Proactive Analysis
- Hunt for adversarial behavior across endpoints, networks, cloud, and identity systems
- Build hypotheses using adversary TTPs (MITRE ATT&CK, D3FEND, threat intel feeds)
- Develop detection rules, queries, and dashboards to identify emerging patterns
- Identify invisible or low-noise threats such as insider activity, lateral movement, privilege escalation, and cloud-based anomalies
- Recommend hardening steps and defensive control improvements
4. Detection Engineering & Optimization
- Assist with tuning alerts to reduce noise and increase fidelity
- Improve log routing, normalization, and correlation within SIEM/XDR platforms
- Develop detection logic for behavior-based anomalies
- Support creation of response playbooks, SOPs, and use cases
- Test and validate new detection rules using real-world adversary simulations
5. Reporting, Documentation & Communication
- Create detailed incident reports and executive-level summaries
- Maintain documentation for all cases, alerts, and investigations
- Translate complex technical events into clear, actionable recommendations
- Communicate effectively with technical teams, management, and client leadership
- Participate in client briefings, defensive strategy sessions, and operational updates
6. Security Improvement & Blue Team Collaboration
- Work with Red Team and Threat Simulation units to understand adversarial techniques
- Identify weaknesses revealed during engagements and support remediation
- Collaborate with physical security and human risk analysts to detect blended threats
- Assist in development of long-term security architecture and continuous improvement plans
Required Skills & Experience
Technical Skills
Candidates should have strong experience with several of the following:
Core SOC Technologies
- SIEM platforms (Splunk, Sentinel, QRadar, Elastic, LogRhythm, etc.)
- EDR/XDR (CrowdStrike, Carbon Black, Defender, SentinelOne)
- IDS/IPS & NDR tools
- SOAR platforms or automated response tools
- Network analyzers (Wireshark, Zeek, Suricata)
- Log analysis and correlation systems
- Cloud security monitoring tools (Azure, AWS, GCP)
Security & Network Fundamentals
- TCP/IP fundamentals, protocols, ports, DNS, DHCP
- Windows, Linux, macOS system internals
- Active Directory and identity infrastructure
- Endpoint hardening and network segmentation
- Understanding of encryption, authentication, MFA, IAM
Threat Detection Knowledge
- MITRE ATT&CK & D3FEND frameworks
- Adversary behavior and TTP analysis
- Malware patterns, phishing indicators, ransomware behaviors
- Cloud attack paths and misconfiguration exploitation
- Lateral movement techniques and privilege escalation
Professional Requirements
- Prior experience in a SOC environment (Tier I or higher) preferred
- Ability to work shift-based schedules (24/7 SOC rotation may apply)
- Strong analytical and investigative skills
- Excellent written communication for reporting and documentation
- Ability to maintain composure during high-pressure incidents
- Strong attention to detail, with a bias for accuracy and clarity
Preferred Certifications
(Not all required, but these strengthen candidacy and align with Blackthorn Tactical’s professional standards.)
Entry/Tactical Certifications
- CompTIA Security+
- CompTIA CySA+
- CompTIA Network+
- EC-Council CEH
- EC-Council CHFI
Intermediate/Advanced SOC Certifications
- GIAC GCIH (Incident Handler)
- GIAC GCIA (Intrusion Analyst)
- GIAC GCFE / GCFA (Forensics)
- GIAC GMON (Continuous Monitoring)
- GIAC Blue Team Level 1 (BTL1)
Cloud & Platform Certifications
- Azure Security Engineer (AZ-500)
- AWS Security – Specialty
- Google Professional Cloud Security Engineer
SIEM-Specific Credentials
- Splunk Core User / Power User / Enterprise Security
- Microsoft Sentinel Analyst Foundations
- Elastic Certified Analyst
Threat Intelligence & Adversary Certifications
- MITRE ATT&CK Defender
- SANS FOR508 / DFIR-related
- Threat Hunter certifications (eLearnSecurity/eCTHP)
Preferred Experience
- Experience in cyber-physical environments (resorts, casinos, critical infrastructure, hospitality, high-security facilities)
- Exposure to red-team or adversary simulation environments
- Experience with incident response and digital forensics
- Experience tuning SIEMs or building detection rules
- Knowledge of regulatory frameworks: PCI-DSS, NIST, ISO 27001, CJIS, HIPAA (if applicable)
Soft Skills
- Analytical mindset with adversarial thinking
- Calm under pressure and able to triage crises
- Strong sense of responsibility and integrity
- Communication skills for both technical and executive audiences
- Willingness to continuously train, research, and improve
- Team-oriented mindset with readiness to collaborate across disciplines
What Success Looks Like in This Role
A successful SOC Analyst at Blackthorn Tactical:
- Detects abnormal behavior before automated tools do
- Communicates clearly under pressure
- Adapts quickly to rapidly changing threats
- Identifies patterns others overlook
- Supports Red Team and IR teams with precise intelligence
- Improves defensive posture through actionable insights
- Treats every alert as an opportunity to learn the adversary
Career Growth Path
SOC Technician → SOC Analyst (Tier I → Tier II) → Senior Analyst → IR Specialist → Detection Engineer → SOC Lead → Blue Team Manager → Defensive Security Architect
Blackthorn Tactical invests heavily in training, certifications, and professional development. Analysts demonstrating high capability and discipline can accelerate quickly.
