IT Security Analyst
Indeed
Full-time
Onsite
No experience limit
No degree limit
Av Lázaro Cárdenas 2225-Piso 3 Int B, Haciendas de La Sierra, 66260 San Pedro Garza García, N.L., Mexico
Description

Summary: Join the Security Operations Center team as an IT Security Analyst, investigating and validating security alerts, performing forensics, and enhancing SOC detection.

Highlights:

1. Investigate and validate escalated security alerts
2. Perform endpoint and host-based forensics
3. Improve SOC detection by writing/tuning SIEM rules and YARA signatures

We are hiring an **IT Security Analyst Level 2** who will fill an IT strategic position as part of the Security Operations Center (SOC) team to be based in Monterrey, Mexico.

**Helping Our People Thrive - wellbeing ensures our employees feel seen, heard and valued**

* Steelcase offers **competitive wages and benefits**, to support your life in and out of work
* **Hybrid work schedule** means you have a say in where you work, whether that is in the office, at home, or somewhere in between
* Learning is the foundation of everything we do, and there is no shortage of **development opportunities** to grow and upskill
* **Culture is a lifestyle** at Steelcase and we live it every day
* Opportunity to **make an impact** on the world through Steelcase's **commitment to people and planet**

**Supporting Meaningful Work – work brings deeper motivation, purpose and fulfillment to our lives**

* Investigate and validate escalated security alerts from Tier 1 using SIEM, EDR, network logs, cloud logs, and other telemetry to determine true positive incidents.
* Map adversarial behaviors to frameworks like MITRE ATT&CK and classify confirmed incidents.
* Perform endpoint and host-based forensics, examining processes, registry artifacts, event logs, memory dumps, prefetch files, timelines, and file system changes on affected systems.
* Conduct basic malware analysis, extract IOCs and derive IoAs.
* Use CTI to enrich investigations and link IOCs to known campaigns or threat actors.
* Assess incident impact and scope, identifying compromised systems, affected accounts, and potential data exposure.
* Execute containment and mitigation activities: isolating hosts, blocking malicious indicators, disabling or resetting accounts, and applying urgent fixes.
* Collaborate with IT, network, cloud, and infrastructure teams during incident containment and recovery.
* Create clear and thorough incident documentation: timelines, root cause, IOCs, impact, and recommended remediation.
* Update case management systems (e.g., ServiceNow, TheHive) with investigation notes, evidence and RCAs.
* Improve SOC detection by writing/tuning SIEM rules, EDR queries, and YARA signatures.
* Update and enhance incident response playbooks and SOPs for common attack scenarios.
* Provide effective shift handovers, sharing relevant context and ongoing investigations.
* Document detailed incident reports and tickets, including executive summaries, technical timelines, root cause analysis, impact assessment, IOCs collected, actions taken, and recommended long-term remediations.

**Minimum Qualifications**

* Bachelor's degree in Computer Science, Information Technology, Software Engineering or related field required.
* Advanced English is a must.
* Minimum 3 years of experience in a similar role.
* Advanced SIEM expertise (Exabeam, Microsoft Sentinel KQL, Elastic).
* Strong capability in log and event analysis across Windows, Linux, firewall, proxy, EDR, and WAF sources.
* Proficiency in network traffic analysis (Wireshark, tcpdump; understanding malicious patterns, tunneling, C2, TLS anomalies).
* Solid knowledge of the Incident Response lifecycle (NIST/SANS) and experience writing containment/eradication steps.
* Advanced experience with EDR tools (CrowdStrike, Defender for Endpoint, Trend XDR, SentinelOne, Carbon Black).
* Foundational skills in malware analysis and use of sandboxes (Hybrid Analysis, Joe Sandbox, Any.Run).
* Ability to leverage Threat Intelligence (STIX/TAXII, MISP, VirusTotal, Shodan, GreyNoise, AbuseIPDB).
* High proficiency in scripting and automation, especially Python, plus PowerShell and Bash.

**Desired Skills and Experience**

* Threat Hunting basics (hypothesis-driven hunting, living-off-the-land binaries detection)
* Basic Digital Forensics (memory dumps with Volatility, timeline analysis with Plaso)
* Experience with SOAR platforms (Cortex XSOAR, Swimlane, Palo Alto XSIAM, Microsoft Sentinel playbooks, FortiSOAR)
* Cloud security awareness (AWS GuardDuty, Azure Sentinel, GCP Security Command Center)

**Doing better for people and planet - when we do better, we help the world work better**

Steelcase is a global design and thought leader in the world of work. Along with our expansive community of brands, we design and manufacture innovative furnishings and solutions to help people do their best work in the many places where work happens.

**Why People Choose to Work with Us**: At Steelcase, we put people at the center of everything we do. We understand the role of work and believe that it can bring meaning and purpose to the lives of our customers and our employees. We prioritize supporting our employees both in and out of work, in all aspects of their lives. When we bring our talents together, we make a positive lasting impact through our work and communities.

Steelcase provides employment opportunities to all qualified employees and applicants without regard to race, color, creed, genetic information, religion, national origin, gender, sexual orientation, gender identity and expression, age, disability, or veteran status and bases all employment decisions only on valid job requirements. If we can make the application process easier through accommodation, please email us at **myhr@steelcase.com**.

#LI-Hybrid #LI-DM1

Source: Indeed
Juan García
Indeed · HR

© 2025 Servanan International Pte. Ltd.