About the Role
The Senior SOC Analyst - Threat Hunting Specialist is responsible for proactively identifying, investigating, and mitigating sophisticated cyber threats that target Mattel's global enterprise. This role goes beyond traditional alert triage and incident response, focusing on proactive detection of malicious activity that evades automated defenses. The analyst leverages advanced threat intelligence, behavioral analytics, endpoint telemetry, and network data to uncover hidden adversary activity and improve organizational resilience. This position requires deep technical expertise in threat hunting, detection engineering, and forensics, with the ability to translate threat insights into actionable detections and security improvements.
Roles and Responsibilities
Plan, design, and execute proactive threat hunts to identify stealthy adversaries and undetected compromises across Mattel's environment.
Develop hypotheses based on threat intelligence, adversary behaviors, and environmental telemetry to guide hunting activities.
Analyze endpoint, network, and cloud data to identify anomalies, malicious behavior, and emerging attack techniques.
Create, test, and maintain advanced detection use cases in SIEM, EDR, and NDR platforms to improve detection coverage.
Collaborate with Incident Response teams to validate findings, contain threats, and support recovery efforts during security incidents.
Perform deep-dive forensic investigations using log data, EDR telemetry, and network captures to identify root causes and attacker movement.
Integrate internal and external threat intelligence into hunting workflows to improve detection accuracy and contextual awareness.
Develop and tune detection logic to reduce false positives and enhance signal-to-noise ratio in alerting pipelines.
Contribute to the development and continuous improvement of SOC playbooks, workflows, and standard operating procedures (SOPs).
Mentor SOC analysts in threat hunting methodologies, investigation best practices, and detection engineering principles.
Collaborate with Red Teams, Security Engineering, and Threat Intelligence teams to simulate attacks, validate defenses, and close detection gaps.
Perform periodic assessments of detection coverage and visibility to ensure alignment with the MITRE ATT&CK framework.
Lead or support purple team exercises to assess SOC readiness, identify detection gaps, and strengthen defensive posture.
Participate in continuous improvement initiatives to enhance logging, telemetry, and automation capabilities within the SOC.
Stay informed about emerging threats, APT campaigns, and evolving adversary tradecraft relevant to the organization's threat landscape.