Lead SOC Analyst

Position Summary 

The Senior Security Operations Center (SOC) Analyst at Copperleaf plays a critical role in protecting our global SaaS platform, internal systems, and customer environments. This role requires deep technical expertise in cloud‑centric security operations, advanced detection and response, and strong familiarity with enterprise technologies that support Copperleaf’s product ecosystem and operational security. 

Senior Analysts lead complex investigations, support continuous operational improvement, and strengthen our ability to rapidly detect and respond to threats targeting cloud workloads (Azure), identity systems (Azure AD/Entra ID), clusters, endpoint platforms, and customer‑integrated data pipelines. This role also mentors junior analysts and collaborates closely with Security Engineering, CloudOps, IT, and Incident Response to improve detection logic, logging visibility, automation, and resiliency across Copperleaf’s environment. 

Key Responsibilities 

Leadership & Team Support 

• Act as a senior escalation point for SOC investigations, providing guidance aligned to Copperleaf’s security architecture and operational practices. 

• Mentor junior analysts and help drive team maturity in cloud security, detection engineering, and SaaS‑specific monitoring. 

• Recommend training and process enhancements to support ongoing professional development. 

• Participate in tabletop exercises tailored to Copperleaf’s product, cloud, and operational risk scenarios. 

Security Monitoring & Incident Response 

• Lead investigations into security alerts across Copperleaf’s Azure‑hosted environments, identity systems, corporate endpoints, and product infrastructure. 

• Support incident response activities including containment, remediation, documentation, and lessons‑learned. 

• Analyze logs from Azure Monitor, Entra ID, Kubernetes clusters, application services, and customer‑facing integrations. 

• Create detections mapped to MITRE ATT&CK for cloud and SaaS environments. 

• Maintain and improve SOC playbooks and SOPs specific to Copperleaf’s operational, compliance, and customer commitments. 

• Recommend tuning of cloud-native and third‑party detection tools to reduce false positives. 

• As part of your role, you may be required to participate in an on‑call rotation to support business‑critical operations outside of standard working hours.

Threat Intelligence, Detection Engineering & Automation 

• Track emerging threats relevant to SaaS providers, cloud platforms, Kubernetes, identity infrastructure, and AI‑driven attack techniques. 

• Conduct proactive threat hunting across cloud workloads, identity logs, endpoints, and product telemetry. 

• Develop and refine KQL queries, automation workflows, and SOAR playbooks. 

• Evaluate logging coverage across Azure, product services, and corporate systems, ensuring alignment to Copperleaf’s observability standards. 

Cross‑Functional Collaboration 

• Collaborate with Security Engineering, CloudOps, IT, and Platform teams to enhance detection capabilities and ensure appropriate telemetry. 

• Contribute to operational KPIs, metrics, and reporting used for Copperleaf leadership updates. 

• Share insights, documentation, and best practices to support overall team improvement. 

• Partner with CloudOps and Engineering on secure configuration, operational visibility, and incident readiness.