Staff SOC Analyst

Ever since we started in 2007, Sunrun has been at the forefront of connecting people to the cleanest energy on Earth. It’s why we’ve become the #1 home solar and battery company in America. Today, we’re on a mission to change the way the world interacts with energy, and we’re building a company and brand that puts power at the center of life. And we’re doing it by designing a dynamic culture where employee development, well-being, and safety come first. We’re unlike any other solar company. Our vertically integrated model gives us total control over every part of the energy lifecycle – from sale through installation and beyond – so you can find endless opportunities for growth. Come join a career you can grow in and a culture you can run with.

This position is primarily remote, with occasional visits to a local office or our corporate headquarters for team-building, training, and collaborative project work. These on-site sessions are designed to strengthen connections, share insights, and ensure a seamless experience for our team and customers. Equipment pick-up from a local branch will be required. We will  provide advance notice whenever on-site attendance is required, making these times purposeful and rewarding.

Position Overview

We are seeking a highly skilled and motivated Staff Security Operations Center (SOC) Analyst to join our security team. In this pivotal role, you will serve as a senior technical expert and escalation point within the SOC, driving advanced threat detection, incident response, and continuous improvement of our detection and response capabilities. The ideal candidate will bring deep technical expertise, strong analytical and problem-solving skills, and a proactive mindset for anticipating and mitigating cyber threats. As a Staff SOC Analyst, you will collaborate closely with SOC leadership, threat intelligence, and engineering teams to refine detection capabilities, enhance response processes, and mentor junior analysts.

Key Responsibilities

• Serve as the senior technical expert within the SOC, providing advanced analysis, guidance, and escalation support for complex security incidents and investigations.
• Lead threat detection and monitoring efforts, ensuring high-quality alerting, correlation logic, and continuous tuning of SIEM, EDR, and related security tools.
• Participate in incident response operations, coordinating containment, eradication, and recovery actions across teams while maintaining situational awareness and clear communication.
• Develop and enhance detection content, including use cases, correlation rules, and analytics to improve visibility and reduce false positives.
• Proactively hunt for threats across endpoints, networks, and cloud environments using behavioral analysis and threat intelligence.
• Mentor and support SOC analysts, providing technical coaching, procedural guidance, and fostering a culture of continuous learning and operational excellence.
• Collaborate with security engineering teams to improve detection capabilities and integrate new data sources and tools.
• Oversee SOC processes and workflows, identifying opportunities for automation, optimization, and alignment with best practices such as MITRE ATT&CK.
• Analyze and communicate security trends and incident metrics, producing actionable reports and recommendations for leadership and stakeholders.
• Contribute to the development of playbooks, SOPs, and response frameworks to standardize SOC operations and improve response maturity.
• Participate in red/blue/purple team exercises to validate and enhance detection and response effectiveness.
• Stay ahead of emerging threats and technologies, advising on strategic improvements to the organization’s overall security posture.

Qualifications

• 8+ years of experience in security operations, threat detection, or incident response, with at least 2–3 years in a senior or lead SOC role.
• Proven track record of managing or serving as a senior escalation point for high-impact security incidents.
• Deep understanding of security monitoring tools and technologies, including SIEM (e.g., Splunk, QRadar, Sentinel, Elastic), EDR/XDR, and SOAR platforms.
• Strong proficiency in incident response processes, log analysis, network traffic analysis, and endpoint investigation.
• Familiarity with cloud security monitoring and detection (AWS, Azure, or GCP).
• Experience developing and tuning detection rules, correlation logic, and playbooks to improve SOC efficiency.
• Solid understanding of network protocols, operating systems, and common attacker tools and techniques.
• Demonstrated ability to lead technical teams, mentor junior analysts, and drive cross-functional collaboration.
• Strong analytical, problem-solving, and decision-making skills under pressure.
• Excellent written and verbal communication skills, including the ability to brief executives and non-technical stakeholders.
• Experience developing SOC metrics, dashboards, and reports to track operational performance and threat trends.
• Excellent communication skills, with the ability to present complex findings clearly.
• Certifications (preferred): GIAC Certified Incident Handler (GCIH), GIAC Cyber Threat Intelligence (GCTI), Certified Ethical Hacker (CEH), or related certifications.
• A bachelor's degree in computer science or equivalent

Recruiter:

Kristina Sedjo (kristina.sedjo@sunrun.com)

Please note that the compensation information is made in good faith for this position only.  It assumes that the successful candidate will be located in markets within the United States that warrant the compensation.  Please speak with your recruiter to learn more.

Starting salary/wage for this opportunity:

150,290.60 to 180,348.72

Compensation decisions will not be based on a candidate's salary history. You can learn more here.

This job description outlines the primary responsibilities, some essential job functions, and qualifications for the role. It may not include all essential functions, tasks, or requirements. If you are a qualified individual with a disability and you need reasonable accommodation during the hiring process or to perform this role, please contact us at candidateaccommodations@sunrun.com.

Sunrun is proud to be an equal opportunity employer that does not tolerate discrimination or harassment of any kind.  We believe that empowering people and valuing their differences are essential for our mission of connecting people to the cleanest energy on earth. Learn more here: EEO | Sunrun