Security Operations Center (SOC) Analyst I
About this role
McGough is a respected partner that brings six generations of experience to high profile, unique and complex construction projects. We take great pride in our people and their extraordinary expertise in planning, development, construction and facility management. McGough employee tenure reflects the commitment and pride we share in our work. Ask anyone who knows us - the caliber of our people sets us apart.
SOC ANALYST I
The SOC Analyst I is responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats and security incidents across McGough’s networks, systems, and cloud environments. This role serves as a first line of defense within the Security Operations Center (SOC), working closely with Infrastructure, Network, and Systems teams to protect company assets.
The SOC Analyst I monitors security tools and alerts, performs initial triage of potential incidents, escalates threats as appropriate, and assists in implementing security controls. This role supports continuous improvement of security monitoring, incident response processes, and compliance initiatives.
QUALIFICATIONS:
Required:
- Associate’s degree in Cybersecurity, Information Technology, Computer Science, or related field, or equivalent combination of education and experience.
- 0–2 years of experience in IT, cybersecurity, help desk, network support, or system administration.
- Foundational understanding of cybersecurity principles, including:
  - CIA triad (Confidentiality, Integrity, Availability)
  - Threat actors and attack vectors
  - Common vulnerabilities and exploits
- Basic knowledge of:
  - SIEM platforms (e.g., Microsoft Sentinel, Splunk)
  - Endpoint Detection & Response (EDR)
  - Firewalls and intrusion detection/prevention systems (IDS/IPS)
  - TCP/IP, DNS, DHCP, and common network protocols
- Ability to analyze logs and security alerts to determine potential threats.
- Understanding of cloud security fundamentals (Microsoft 365, Azure, or AWS preferred).
Preferred:
- Industry certifications such as:
  - CompTIA Security+
- Familiarity with:
  - Microsoft Active Directory and Group Policy
  - Microsoft Defender suite
  - Networking fundamentals
- Understanding of:
  - Incident response lifecycle
  - MITRE ATT&CK framework
  - Basic threat intelligence concepts
- Experience with ticketing systems (ServiceNow or similar).
- Knowledge of security compliance frameworks (NIST CSF, CIS Controls, ISO 27001).
- Knowledge of construction industry operations.
Skills:
- Strong analytical and problem-solving skills.
- Detail-oriented with ability to identify anomalies and suspicious patterns.
- Ability to document incidents clearly and accurately.
- Strong understanding of networking fundamentals, operating systems, and cybersecurity best practices.
- Ability to interpret and correlate security event data from multiple sources.
- Strong written and verbal communication skills.
- Ability to work independently and within established timeframes.
- Ability to prioritize multiple alerts and tasks simultaneously.
- Demonstrated problem-solving and investigative skills.
- Ability to work with confidential data and maintain privacy.
- Positive, proactive mindset with a desire for continuous learning.
- Proficiency in Microsoft Office Suite.
- Ability to identify patterns, assess risk exposure, and escalate appropriately.
- Effective communication skills to interact with technical teams and business stakeholders.
CORE RESPONSIBILITIES:
Main Job Duties
- Monitor SIEM dashboards, EDR alerts, firewall logs, and other security tools for suspicious activity.
- Perform initial triage and investigation of security alerts to determine validity and impact.
- Escalate confirmed or high-risk incidents to senior analysts or management.
- Assist in containment, eradication, and recovery activities during security incidents.
- Document incidents thoroughly in ticketing systems and maintain accurate case records.
- Conduct basic threat hunting activities using log analysis and endpoint telemetry.
- Support vulnerability management processes by reviewing scan results and tracking remediation.
- Assist in maintaining and tuning security monitoring rules and alert thresholds.
- Participate in incident response tabletop exercises and security drills.
- Collaborate with Infrastructure, Network, and Systems teams to remediate vulnerabilities and improve security posture.
Strategy & Security Program Support
- Support development and improvement of SOC processes and playbooks.
- Assist in maintaining security documentation, procedures, and standards.
- Contribute to continuous improvement of detection and response capabilities.
- Stay current on emerging cybersecurity threats, vulnerabilities, and industry best practices.
Reporting & Analysis
- Prepare basic incident summaries and metrics for senior security staff.
- Track trends in alerts, phishing attempts, malware detections, and other security events.
- Assist in reporting key risk indicators and response metrics.
Other Duties as assigned
- Participate in cross-functional technology and security initiatives.
- Support internal audits and compliance assessments as requested.
- Collaborate with internal teams and external vendors when necessary.
- Other duties as assigned.
OFFICE AND TRAVEL:
- Primarily works in the corporate office in St. Paul. Minimal travel between office locations and to role-related conferences may be required.
- The role allows for work from home, but working in the office occasionally during the week is preferred. Working in the office during the initial 3 months is required.
PHYSICAL REQUIREMENTS:
The physical requirements listed here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Position involves sitting for extended periods of time at the employee’s workstation. The employee needs to be able to lift up to 20 pounds as frequently as needed to move objects; have the dexterity to write and to operate a computer keyboard and mouse; be able to hear and speak clearly; and be able to distinguish between colors on graphs and charts.
Occasionally, employee will be required to visit construction jobsites which may expose the employee to dirt, dust, uneven surfaces, outdoor weather conditions and extreme temperatures.
***************************************************************************************************************************************
In alignment with our commitment to pay transparency, the base salary range for this position is $70,000 to $83,000, excluding fringe benefits or potential bonuses. If you join McGough, your final base salary will be determined by several factors, including geography, location, skills, education, and experience. Furthermore, we place significant value on pay equity among our current team members as part of any final job offer.
Please note that the range provided above reflects the hiring range for this role. Hiring near the top end of this range would be atypical, as we aim to allow room for future salary growth. Additionally, McGough offers a comprehensive compensation and benefits package. This includes insurance coverage for medical, dental, vision, life, and disability. We also provide generous retirement plans, voluntary benefit plans, parental leave, substantial paid time off, and holiday pay.
Email: [email protected]
Equal Opportunity Employer, including disabled and veterans.
If you want to view the Know Your Rights: Workplace Discrimination is Illegal poster, please choose your language: English – Spanish – Arabic – Chinese
If you want to view the Pay Transparency Policy Statement, please click the link: English