Security Operations Center (SOC) Analyst

Company Description

Arista Networks is an industry leader in data-driven, client-to-cloud networking for large data center, campus and routing environments. Arista is a well-established and profitable company with over $8 billion in revenue. Arista’s award-winning platforms, ranging in Ethernet speeds up to 800G bits per second, redefine scalability, agility, and resilience.  Arista is a founding member of the Ultra Ethernet consortium. We have shipped over 20 million cloud networking ports worldwide with CloudVision and EOS, an advanced network operating system. Arista is committed to open standards, and its products are available worldwide directly and through partners.

At Arista, we value the diversity of thought and perspectives each employee brings. We believe fostering an inclusive environment where individuals from various backgrounds and experiences feel welcome is essential for driving creativity and innovation.

Our commitment to excellence has earned us several prestigious awards, such as the Great Place to Work Survey for Best Engineering Team and Best Company for Diversity, Compensation, and Work-Life Balance. At Arista, we take pride in our track record of success and strive to maintain the highest quality and performance standards in everything we do.

Job Description

Who You’ll Work With

We are seeking a highly motivated and proactive Security Operations Center (SOC) Analyst to join our dynamic, remote cybersecurity team. The ideal candidate is a critical thinker, self-starter, and driven professional with hands-on experience using Crowdstrike or other EDRs. You will play a critical role in monitoring, triaging, and responding to cyber threats across our primarily Mac and Linux environments, with some Windows systems. You will work closely with a collaborative team of fellow SOC analysts, incident responders, threat hunters, and cross-functional partners across IT, engineering, and DevOps to ensure our security posture remains strong. We’re looking for someone who takes ownership, excels in high-pressure settings, and is skilled in writing CrowdStrike Query Language (CQL) (or similar) to create effective detections that protect our organization’s assets.

What You’Ll Do

• Monitor and triage security alerts.
• Build, test, and refine detections to enhance threat identification across Mac, Linux, and Windows systems.
• Conduct in-depth analysis of security incidents, including malware, phishing, and advanced persistent threats, leveraging SIEM and EDR capabilities.
• Perform proactive threat hunting using the SIEM and EDR features.
• Investigate and respond to incidents swiftly, following established incident response protocols.
• Document findings clearly and provide actionable remediation recommendations.
• Collaborate with cross-functional teams to strengthen security controls and mitigate vulnerabilities.
• Stay current on emerging threats, vulnerabilities, and industry trends through self-directed learning.
• Participate in on-call rotation for 24x7x365 SOC coverage, demonstrating reliability and accountability.
• Escalate confirmed or suspicious incidents and cases to the Incident Response team.

Qualifications

• 4-5+ years in a SOC and or active participant on incident response teams.
• Hands-on experience with CrowdStrike (or other EDR), triaging security incidents.
• Proven ability to write CQL (or similar) queries and build detections for threat monitoring.
• Experience triaging alerts in a high-volume environment.
• Experience with threat intelligence feeds, platform and OSINT tools (VirusTotal, etc.)
• Familiarity with forensic analysis and evidence handling.

Skills And Attributes:

• Exceptional critical thinking and analytical skills to address complex security challenges.
• Self-starter with a proven ability to take initiative and deliver results independently.
• Driven mindset, thriving in fast-paced, high-pressure remote work environments.
• Strong understanding of cybersecurity principles, threat landscapes, and attack vectors.
• Proficiency in analyzing logs, network traffic, and endpoint data using CrowdStrike Next-Gen SIEM, particularly for Mac and Linux systems (Windows experience a plus).
• Solid knowledge of incident response processes and methodologies.
• Familiarity with operating systems, with primary expertise in Mac and Linux, and secondary knowledge of Windows.
• High attention to detail and ability to make sound decisions under pressure.
• Demonstrated commitment to continuous learning and professional development in cybersecurity.

Nice-To-Have:

• Write and optimize detections to detect and investigate security events.
• Proficiency in scripting (e.g., Python) for automating SOC workflows.
• Experience creating playbooks in Crowdstrike Fusion SOAR (or similar SOAR)
• Knowledge of cloud security (GCP, AWS, and or Azure).
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).

Additional Information

Arista stands out as an engineering-centric company. Our leadership, including founders and engineering managers, are all engineers who understand sound software engineering principles and the importance of doing things right.

We hire globally into our diverse team. At Arista, engineers have complete ownership of their projects. Our management structure is flat and streamlined, and software engineering is led by those who understand it best. We prioritize the development and utilization of test automation tools.

Our engineers have access to every part of the company, providing opportunities to work across various domains. Arista is headquartered in Santa Clara, California, with development offices in Australia, Canada, India, Ireland, and the US. We consider all our R&D centers equal in stature.

Join us to shape the future of networking and be part of a culture that values invention, quality, respect, and fun.