Security Analyst, AI SOC Platform
Bespin Global US
Job Overview

Job Description
Bespin Global is a top global cloud MSP, consistently recognized in the Gartner Magic Quadrant for eight consecutive years and named AWS MSP Partner of the Year. With over 1,400 “Bespineers” across 16 offices in 10 countries, we support more than 4,500 customers worldwide. This position is primarily a U.S./Canada remote role, requiring candidates to be located in U.S./Canada time zones with occasional travel.
We are seeking a mid- to senior-level Security Analyst who excels at the intersection of security operations and product development. The ideal candidate will be familiar with multiple technical security domains and possess deep experience in at least two of the following areas: cloud, endpoint, identity, email, or network security.
This role is a key contributor within our high-profile U.S. security services team, working globally with Bespin engineers and cloud partners to deliver high-quality security services and enhance our security tools and products. You should have a proven track record of analyzing, responding to, and communicating with customers about security events. Technical depth is crucial for troubleshooting platform issues and providing actionable product feedback to developers. Comfort with Linux command-line tools and public cloud operations (preferably AWS and GCP) is essential to understand and anticipate customer pain points when ingesting and analyzing cloud data sources.
About the Role:
- Work at the intersection of security operations and product engineering, contributing to the delivery and improvement of features in our AI SOC platform.
- Collaborate with internal teams to validate and refine new AI-driven detection and response features before customer release, and suggest product and tool enhancements.
- Monitor security events and lead the initial human response to security incidents in client environments, partnering with Bespin engineers and partners for optimal customer outcomes.
- Lead customer onboarding sessions, ensuring specific environments are correctly tuned and data flows accurately.
- Troubleshoot platform usage and data ingestion issues to ensure a smooth customer experience, acting as a technical bridge between customers and developers.
- Create and refine reusable investigation workflows (prompts, queries, and lightweight scripts) to ensure analyses are repeatable and easily transferable.
What We’re Looking For:
Must-Have:
- A minimum of 5 years of experience as a Security Analyst, Security Engineer, or Incident Responder.
- Excellent communication, interpersonal, and time-management skills for a customer-facing environment.
- Practical knowledge of cloud computing architecture and infrastructure, including compute, storage, identity, and networking.
- Experience analyzing cloud audit logs (e.g., AWS CloudTrail) and investigating suspicious activity in cloud environments.
- Experience with one or more SOC/SIEM/SOAR/EDR tools and security platforms (e.g., Splunk, Chronicle, SentinelOne, Elastic Security/Kibana, SumoLogic, or CrowdStrike) for event ingestion, analysis, and investigation.
- Fluency with one or more SIEM query languages and/or SQL.
- Strong data literacy and the ability to interpret complex logs from multiple layers of the application, infrastructure, identity, and network stack.
- Experience with technical customer onboarding, solution engineering, or detailed troubleshooting of security platforms.
- Experience using Linux command-line tools for security testing, data analysis, and automation/remediation.
- Ability to rapidly learn new tools and techniques with minimal supervision.
- Authorized to work in the United States or Canada.
Nice-to-Have:
- Familiarity with MDR (Managed Detection and Response) service delivery models and previous customer-facing experience in consulting or managed services.
- Familiarity with Python libraries such as Pandas, Requests, and other data science libraries.
- Experience with CNAPP/CSPM tools such as Wiz, Orca, or their open-source equivalents.
- Experience creating, reviewing, and improving AI prompts and guidance for agentic workflows that require human feedback.
- Experience in a product-focused environment, such as QA for security tools or providing structured feedback to engineering teams.
- Experience assisting with detection engineering practices, rule testing, tuning, and reducing false positives.
- Experience using AI agents and LLMs to analyze and improve security outcomes.
- Experience with "Detection as Code" principles or managing security content via CI/CD pipelines.
- Fluency with git and knowledge of development workflows.
Ready to shape the future of cloud and data for some of the most exciting companies in the world? Apply today and bring your expertise to Bespin Global.
Key skills/competency
- Security Operations
- Incident Response
- Cloud Security
- SIEM Tools
- EDR Platforms
- Data Analysis
- Linux CLI
- AWS
- GCP
- Product Feedback
How to Get Hired at Bespin Global US
- Research Bespin Global US's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume for Security Analyst, AI SOC Platform: Highlight deep experience in cloud, endpoint, identity, or network security.
- Showcase your AI SOC platform expertise: Emphasize experience with SIEM/SOAR/EDR tools and cloud audit log analysis.
- Prepare for technical and behavioral questions: Practice explaining incident response, cloud security architecture, and customer interaction scenarios.
- Demonstrate a growth mindset and adaptability: Highlight rapid learning and troubleshooting skills for evolving security tools.