Job Summary: 


The Senior SOC Analyst leads and oversees activities relating to incident generation, monitoring, and responding to security events.  With regular reporting and feedback from management, leads analysts, the VSOC, or the MDR platform including escalations, information security processes, security tools, and services.  Supports multiple security-related platforms and technologies utilizing SOAR/Automation, cyber threat intelligence, and threat hunting, while interfacing with members of the IT organization, other internal business units, and external parties as necessary.  Defines and maintains use cases related to incident triage, incident response, incident generation, detection rules, correlation rules, thresholds, and tuning to identify, manage, and contain suspicious/malicious activity.  The Senior SOC Analyst reports to the Manager of Security Operations and is an involved member of the SOC team.  The Senior SOC Analyst will utilize Cyber Threat Intelligence, Threat Hunting, and SOC SLAs, KPIs and metrics.  


Job Expectations: 

  • Work as a team to consistently learn and share advanced skills and foster team excellence

  • Monitor and process response for security events on a 24x7 basis

  • Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention)

  • Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems

  • Participate in threat modeling collaboration with other members of the security team.

  • Work with, and provide feedback to, Engineers and the Red/Purple team, to help measure the efficacy of defenses, identify, and remediate gaps, and improve our security posture and defenses

  • Leverage SOAR (security orchestration, automation, and response) solution to automate repetitive tasks and simplify workflows

  • Assist with incident response as events are escalated, including triage, remediation, and documentation

  • Aid in threat and vulnerability research across event data collected by systems

  • Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats 

  • Work alongside other security team members to hunt for and identify security issues generated from the network, including third-party relationships

  • Seek opportunities to drive efficiencies

  • Manage security event investigations, partnering with other departments (e.g., IT) as needed

  • Evaluate SOC policies and procedures and recommend updates to management as appropriate

  • Adhere to service level agreements (SLAs), metrics and business scorecard obligations for ticket handling of security incidents and events

  • Partner with the security operations team to improve tool usage and workflow, as well as other teams to mature monitoring and response capabilities

  • Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security, and data networking, to offer global solutions for a complex heterogeneous environment

  • Maintain working knowledge of advanced threat detection as the industry and the threat landscape evolves

  • At iHerb, you will have the ability to ‘choose your own adventure’ a percentage of the time in other areas of Cyber Security, including and not limited to:  Digital Forensics and Incident Response (DFIR), Incident Handling, SOC and Intrusion Analysis, Automation, Cyber Threat Intelligence, Cyber Defense, and Offensive Security

  • Perform other duties as assigned


The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job.  Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.


Knowledge, Skills and Abilities. 

  • Experience with Blue Team and/or Red/Purple Team and/or MSSP experience preferred

  • Experience working in a 24x7 operational environment, with geographic disparity preferred

  • Experience driving measurable improvement in monitoring and response capabilities at scale

  • Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP and other network and system monitoring tools

  • A passion for analyzing logs, alerts, traffic directionality, and other aspects of Cyber Defense

  • General understanding of security fundamentals (cryptography, least privilege, segregation of duties, …) and general security technologies, including operating systems, network security (firewalls, VPNs, EDR, Web Content Filtering, etc.), security incident and event management, business continuity, physical security, identity management, directory services, etc.

  • Knowledge of a variety of Internet protocols

  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively

  • Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as Gramm-Leach Bliley Act (GLBA), Payment Card Industry (PCI-DSS), Health Information Portability and Accountability Ace (HIPAA), Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR)

  • Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices

  • Experience with Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP)

  • Understanding of AWS services: EC2, VPC, IAM, AWS Systems Manager, etc.

  • Understanding of CVSS scoring, OWASP, the MITRE ATT&CK framework and the SDLC

  • A strong passion for cyber security, and ability to learn and work, in a fast paced and dynamic environment

  • Self-starter requiring minimal supervision

  • Strong work ethic, including consistent documentation and tracking of activities

  • High degree of accuracy and attention to detail

  • Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well

  • Excellent organization skills, accuracy, attention to detail, and ability to multitask

  • Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface

  • Highly organized and efficient, with an analytical and problem-solving mindset

  • Demonstrates highly effective communications skills, with ability to influence business units

  • Demonstrates strategic and tactical thinking, along with decision-making skills and business acumen

  • Works calmly under pressure and with tight deadlines and in high stress situations

  • Leads by example


Equipment Knowledge: 

  • Experience with Cyber Defense security monitoring, SIEM tools, IDS/IPS, web filters, EDR/NGAV, SOAR, etc.

  • Knowledge of incident generation, correlation, aggregation, tuning (noise to signal), packet/payload inspection, differentiating between true/false positives/negatives

  • Experience working with Splunk or equivalent SIEM’s, understanding dashboards, alerts, queries, regex, etc.

  • Experience with cloud, systems, email, and network security

  • Experience with container platforms (Docker, Kubernetes, …) desired

  • Experience with various tooling in the Information Security space

  • Knowledge of IT/Information Security Audit and assessment

  • Knowledge researching, analyzing, and recommending information security solutions

  • Knowledge of information security practices and concepts including firewalls, intrusion detection/prevention, EDR, NetFlow analysis, access controls, risk analysis, vulnerability scanning, web content filtering, web proxy systems, DFIR, application whitelisting and data encryption

  • Security awareness and enterprise phish testing systems

  • Experience with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.)

  • Experience with Google Workspace (e.g., Gmail, Drive, Docs, Sheets, Forms. etc.) preferred


Experience Requirements:


Generally, requires a minimum of five (5) years of general work experience and one (1) year of relevant experience in functional responsibility. A minimum two (2) years of security monitoring, security operations, Blue Team and/or Red/Purple Team, and/or MSSP experience, preferred. Preferably, one or more of the following certifications: GCIH, GCIA, GPEN, GWAPT, CISSP, or equivalent. A minimum of five  (5) plus years’ experience in information security monitoring and response, security operations, or related experience. 


Education Requirements: 


BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems, or comparable training/experience, or a combination of education and equivalent work experience.


Judgment/Reasoning Ability:  Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise, and diplomacy.  Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.


Physical Demands:  The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job.  While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms.  Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the workday.  The Team Member may occasionally lift or move office products and supplies up to 25 pounds.  Proper lifting techniques required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


Work Environment:  The noise in the work environment is usually moderate.  Other factors are:

  • Hectic, fast paced with multi-level distractions

  • Professional, yet casual work environment

  • Office / Warehouse environment

  • Ability to work extended hours as required


Job Description Acknowledgement:


I have received a copy of my job description for my current position. The job description describes duties and responsibilities which apply to me.  I agree to read the job description and understand it may be amended as company conditions or requirements necessitate.  In that case, changes will be communicated to me.


Team Member Name (PRINT): ________________________________

Team Member Signature: __________________________________

Date: ____________________


Human Resources (PRINT): _________________________________

Human Resources Signature: ______________________________

Date: ____________________

About iHerb
iHerb is a leading global e-commerce retailer  with an emphasis on providing an exceptional selection of nutritional and wellness products for the past 25 years. With over 30,000 products shipped to over 180 countries, we provide the best overall value for natural products through an innovative and efficient supply chain process. 

Our teams have a strong sense of commitment and pride in their work, which has allowed us to grow, even during the recent pandemic. At iHerb, our purpose is to empower people to enhance their health, happiness, and well-being — that starts with valuing our team members by providing a positive work environment with competitive benefits. Our five  shared values unite our team members across the globe and provide a stable foundation. These values speak to who we are, the culture we’re building, and how every single team member contributes to our larger company vision. 

iHerb's Shared Values
Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly · Embrace Diversity & Inclusion · Strive for Simplicity

iHerb Benefits
At iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well and plan for the financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. Below is a snapshot of the benefits we offer our team members.  For a more comprehensive listing, visit 

  • Medical Care: Starting in 2021, iHerb covers 100% of the associated cost for medical benefits
  • Dental and Vision benefits
  • Safe Harbor 401(k) + company match (100% of the first 6% of the employee’s contribution)
  • Company-paid Term Life Insurance
  • Short and Long Term Disability
  • Flexible Spending Account (for qualifying expenses)
  • Pet Insurance
  • Voluntary Supplemental Benefits
  • Education Reimbursement Programs
  • Professional Development and Job Training
  • Wellness Programs with opportunity to earn up to $300 per year

We strive for innovation, targeted at delivering a customer-centric experience while transforming the online shopping experience. We change direction and define ourselves in the idea that individually we are incredible but united our growth is infinite and paramount to our success. iHerb strives to be the global industry leader!

iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.

Apply for this Job

* Required


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at iHerb are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.