Security Analyst Lead — Endpoint & SOC Operations

About the role:

We’re seeking a proactive and highly capable Security Analyst Lead to own endpoint protection and SOC operations as we scale our MSP infrastructure — including onboarding a new client with over 2,000 endpoints.

You will lead the day-today execution and oversight of our SentinelOne and Adlumen deployments, and work directly with our SOC partner to ensure high-quality, fast-response protection across all assets. You’re not here to wait for alerts — you’re here to build process, tune tools, and stay ahead of threats.
This is a senior hands-on-role with the potential to build and scale a security support team under you.

What You’ll Do:

• Lead the endpoint protection strategy across thousands of devices using SentinelOne.
• Manage and fine-tune our Adlumen SIEM/SOC integration, ensuring effective alert flow, minimal false positives, and proper escalations.
• Act as the primary interface with the SOC, reviewing tickets, metrics, and incident quality.
• Develop and maintain security playbooks and SOPs for incident response, threat detection, and scalation paths.
• Assist in the onboarding of high-value clients, ensuring endpoint security posture is compliant and enforced from day one.
• Implement threat hunting, anomaly detection, and deeper analytics using EDR/XDR data.
• Prepare weekly and monthly security posture reports, identifying vulnerabilities, threats, and incident response trends.
• Build or scale a Tier 1/Tier 2 analyst team if needed, including shift planning and onboarding.

What you bring:

• 4+years in security operations or endpoint defense, preferably within an MSP or SOC-driven environment.
• Hands-on experience with SentinelOne and/or comparable EDR solutions (CrowdStrike, Defender for Endpoint, etc).
• Experience managing or integrating with SIEM/SOC platforms like Adlumen, Splunk, AlienVault, etc.
• Ability to tune alerting, define response playbooks, and manage incident escalation.
• Fluent English and strong communications skills — comfortable interacting with analysts, engineers, and clients.
• Autonomous mindset — you don’t wait for instructions, you bring structure and clarity to the table.

Bonus points:

• Experience building or leading a SOC or Tier 1 analyst team.
• Security certifications such as CompTIA Security+, CySA+, Microsoft SC-200, GIAC, or similar.
• Familiarity with endpoint hardening, vulnerability management, and RMM integration.

What we offer:

• 100% remote position (WeWork stripend optional).
• Strategic visibility and impact — we want your fingerprints on the structure.
• A chance to build not just processes, but a team.

To apply, send your resume and a short note about your experience managing SOC integrations, endpoint security tools, or response playbooks along with Monthly pay expectation.

We’re not looking for someone to react — we’re looking for someone to lead the defense.

Send your application to: careers@softwarecraftcr.com or submit via our form.