Connexure
Security Operations Center (SOC) Analyst
Atlanta

Connexure is a software company serving the self-funded medical benefits ecosystem. Our software helps stop loss carriers, brokers, and third-party administrators with quoting, underwriting, and administering stop loss policies. Our mission is to unify the self-funded medical ecosystem through integrated technologies, processes, and data insights. Our leadership team believes in a customer-centric approach to driving value and creating a network effect where the software becomes value-additive through stakeholder interoperability. We are looking for talented and motivated individuals who align with our vision and will support the next phase of growth.

Note:
This description is focused on the SOC Analyst role and does not include unrelated boilerplate content.

Overview
Connexure is seeking a SOC Analyst to monitor, defend, and secure enterprise-level systems, applications, cloud platforms, and sensitive data in a hybrid, cloud-first environment. The role blends hands-on security engineering with SOC operations to ensure the confidentiality, integrity, and availability of IT assets while complying with recognized security frameworks and regulations such as SOC 2 and HITRUST.

As a SOC Analyst, you will proactively detect and respond to threats, investigate and contain incidents, and implement and optimize security and monitoring solutions. You will support risk and vulnerability management, drive improvements in detection and response, and act as a point of contact for internal teams and clients on security matters.

This role combines Tier 1 monitoring and Tier 2 incident response responsibilities and is suitable for security professionals with 3–5 years of experience who want to grow into advanced detection, response, and security engineering.

Reports to: VP, Cloud Engineering & Cybersecurity
FLSA Exemption: Exempt
Position Location: Atlanta, GA (Hybrid: 3–5 days onsite; remote as needed)

Responsibilities
Serve as the primary point of contact for client security communications, escalations, and status reporting.
Lead team meetings and communicate SOC goals, ensuring alignment with SLAs and compliance requirements.
Mentor and guide IT staff on advanced incident handling and tooling.
Deliver security awareness training and collaborate with KnowBe4 campaigns.
Present security posture, threat trends, and risk reports to management and clients.
Continuously monitor and triage alerts from SIEM, IDS/IPS, DLP, EDR, firewalls, and other security platforms.
Analyze data from multiple sources to identify threats, validate findings, and recommend remediation.
Apply industry best practices and security frameworks to strengthen detection and response.
Proactively detect and respond to emerging threats in real time.
Monitor cloud security platforms (Wiz, Cyera, Datadog, Darktrace Email & Identity, SentinelOne, firewalls) and other tools.
Investigate suspicious activity across on-premises and cloud environments and perform root cause analysis.
Perform Tier 1–3 incident response: detection, containment, remediation, and post-incident reviews.
Identify indicators of compromise (IOCs) and emerging threats; tune detection rules and dashboards.
Maintain and update SOC playbooks, SOPs, and knowledge base to standardize detection and response.
Generate security dashboards, threat metrics, and reports for leadership and clients.
Provide Tier 1 triage and Tier 2 incident response, including containment and remediation.
Handle incident intake, update tickets, and maintain accurate records of cyber events.
Escalate incidents to Tier 2/Tier 3 analysts when necessary and participate in team exercises.
Prepare and update incident response plans and perform activities in accordance with policies and procedures.

Risk, Vulnerability & Compliance
Conduct internal risk, vulnerability, and compliance assessments to identify gaps and recommend mitigations.
Support HITRUST, SOC 2, HIPAA, and other compliance initiatives, including evidence collection and audit readiness.
Coordinate and oversee evidence collection for audits.
Prepare and maintain Plans of Action & Milestones (POA&Ms) for identified weaknesses and track remediation.
Ensure periodic log monitoring occurs and report findings, including escalation of incidents or breaches.
Document and maintain security procedures, configurations, and monitoring playbooks.
Review and enforce access controls in alignment with security policies and standards (HIPAA).

Security Engineering & Hardening
Assist with system administration tasks including configuration, hardening, patch management, and monitoring of Windows systems.
Collaborate with developers to plan, implement, and manage security measures for applications and systems.
Ensure controls prevent unauthorized access, modification, or disclosure of sensitive information.
Implement and optimize enterprise security tools (Wiz, Cyera, SentinelOne, Darktrace, Datadog).
Secure and govern Microsoft Entra ID and Azure tenants, including conditional access and Defender for Endpoint/Cloud/Identity.
Support system hardening, patch management, and configuration reviews for on-prem and cloud systems.
Automate monitoring and administrative tasks using PowerShell, APIs, and scripting.
Research and recommend new security technologies and improvements to detection and response.

SOC Operations & Client Support
Perform security alert triage, assess severity, and recommend actions.
Conduct log analysis from multiple security sources to identify potential incidents.
Maintain and update standard operating procedures (SOPs) and knowledge base articles.
Research indicators of compromise (IOCs) to support detection and response.
Investigate phishing emails and email-based threats.
Communicate effectively with stakeholders through ticket updates, hotline support, and real-time collaboration tools.
Prepare weekly/monthly reports summarizing incidents, actions, and improvements.

Awareness & Reporting
Assist with security awareness training activities and preparation of training materials.
Develop and communicate security metrics to assess the effectiveness of controls and policies.
Prepare and communicate the status of security programs and projects to management through reports and presentations.

Additional Responsibilities & Expectations
Drive vulnerability management and compliance (SOC 2, HITRUST).
Secure and automate CI/CD pipelines.
Protect Azure cloud environments from evolving threats.
Monitor systems, respond to threats, and lead incident resolution.
Partner with developers to integrate AppSec practices (SAST/DAST, dependency scanning) into workflows.
Mentor peers and foster a culture of security awareness.

Qualifications

Required
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience).
3–5 years of experience in SOC operations, security analysis, or engineering.
Familiarity with SIEM, EDR/XDR, WAFs, and the OWASP Top 10.
Strong understanding of cybersecurity principles, incident response, and best practices.
Familiarity with cloud platforms (e.g., Azure).
Knowledge of networking, encryption, and access controls.
Experience with end-user support and IT troubleshooting, including installing and configuring applications, analyzing system errors, and monitoring event logs for anomalies.
Experience supporting audit readiness and compliance with HITRUST, SOC 2, and HIPAA.
Hands-on experience with the Microsoft Security suite, including Microsoft Purview, Intune, and related technologies.
Strong communication, documentation, and teamwork skills.
Ability to work in a fast-paced, high-pressure environment, including rotating shifts, nights, and weekends.

Preferred
Certifications such as CCSP (Certified Cloud Security Professional), Azure Security, or equivalent.
Working knowledge of vulnerability management, endpoint detection and response, malware detection, and phishing defense tools.
Experience working with third-party vendors/support organizations to track and resolve security product issues.
Ability to write after-action reports that clearly describe incidents and response actions.

Work Environment
Requesting 3–5 days in the Atlanta office alongside the Leadership team. Remote work is permitted on an as-needed basis throughout the year. Flexibility with scheduling around general business hours. Must have reliable internet and familiarity with digital platforms.