TN Visa Security Operations Analyst Jobs

At Zotec Partners, our People make it happen. Transforming the healthcare industry isn’t easy. But when you build a team like the one we have, that goal can become a reality. Our accomplishments can’t happen without our extraordinary people – the men and women across the country who make up our diverse Zotec family and help make this company a best place to work. Over 25 years ago, we started Zotec with a clear vision, to partner with physicians to simplify the business of healthcare. Today we are more than 900 employees strong and we continue to use our incredible talent and energy to bring that vision to life. We are a team of Innovators, Collaborators and Doers. We’re seeking a Security Operations Analyst I to join us.

The Security Operations Analyst I serves as an entry-level member of the Security Operations Center (SOC), responsible for performing initial investigations of detections surfaced by Splunk Enterprise Security, CrowdStrike, and Abnormal AI. This role focuses on developing foundational monitoring, triage, and documentation skills under the guidance of senior analysts. The Analyst I plays a critical role in ensuring detections are accurately categorized, documented, and escalated in accordance with established runbooks and SOC procedures. Shift handoff dashboards produced by the Analyst I are reviewed by the Analyst II prior to escalation or distribution.

What you'll do:

Security Monitoring & Investigation:

• Monitor and triage detections from Splunk Enterprise Security, CrowdStrike, and Abnormal AI
• Execute basic Splunk SPL searches to investigate alerts and retrieve relevant log data
• Read and interpret existing Splunk dashboards to support monitoring and shift situational awareness
• Perform initial investigation of alerts to determine whether a detection represents a Security Event requiring escalation
• Document investigation findings accurately and completely in ClickUp per established case management procedures
• Follow established runbooks for standard detection types and escalation criteria
• Escalate confirmed or suspected Security Events to the Analyst II per defined procedures
• Enrich indicators of compromise (IOCs) using tools such as VirusTotal and AbuseIPDB to support investigation context
• Maintain awareness of current threats and indicators of compromise relevant to the organization’s environment

Phishing Investigation:

• Perform initial triage of phishing submissions and Abnormal AI-surfaced email threats
• Review reported emails in the Abnormal console and Splunk to assess malicious indicators
• Document phishing investigation findings in ClickUp and escalate confirmed threats to the Analyst II
• Follow established phishing response runbooks including initial containment actions within authorized scope

Endpoint & Access Monitoring:

• Monitor CrowdStrike detections and alerts for endpoint threats; document findings and escalate per runbook
• Review Netskope alerts for anomalous web or cloud access activity and escalate as appropriate
• Review CyberArk PAM-sourced events in Splunk for basic privileged account anomalies per defined criteria

SOAR & Automation:

• Execute existing Splunk SOAR playbooks as directed to support investigation and response workflows (in implementation)
• Document playbook execution results in ClickUp and flag any unexpected outputs to the Analyst II

Reporting & Shift Handoff:

• Produce accurate shift handoff notes and alert summary dashboards in Splunk for Analyst II review
• Contribute to daily SOC reporting by ensuring case notes and investigation status are current in ClickUp
• Identify and communicate false positive patterns to senior analysts to support detection quality improvement

Process & Documentation:

• Follow all SOC runbooks, standard operating procedures, and escalation workflows
• Contribute to the knowledge base by documenting novel investigation findings or patterns
• Participate in team meetings, training sessions, and incident response drills
• Note: File integrity monitoring and data loss prevention alerting will be onboarded as monitoring sources in a future phase; SOC Analyst I responsibilities will be updated accordingly

What you'll bring to Zotec:

• 0–2 years of experience in information security, IT operations, or a related field
• Knowledge of:
• Foundational security concepts including common attack types and threat categories
• Network protocols and basic infrastructure concepts
• Windows and Linux operating system fundamentals
• Log analysis and basic security event correlation
• Familiarity with:
• SIEM platforms and security monitoring tools
• EDR/XDR solutions
• IDS/IPS systems
• Standard incident response procedures

Preferred:

• Security certifications such as:
• CompTIA Security+
• HTB CJCA — Certified Junior Cybersecurity Analyst (entry-level SOC, SIEM monitoring, network traffic analysis, log review, intrusion detection)
• SSCP or GCIA
• Hands-on exposure to Splunk (basic searches, alert review, dashboard navigation)
• Familiarity with CrowdStrike Falcon console
• Basic scripting exposure (Python, PowerShell, or Bash)
• Bachelor’s degree in Computer Science, Cybersecurity, or related field, or equivalent experience