Security Incident Response and SOC Oversight Analyst

Job Description

The Security Incident Response Analyst is responsible for coordinating and governing the enterprise security incident lifecycle, ensuring consistent, efficient, and compliant response aligned with the SANS Incident Response framework and Aramark?s enterprise processes.

This role focuses on incident ownership, communication, and partnership across cybersecurity, IT, and enterprise incident management teams?ensuring events are resolved swiftly, lessons are captured, and security posture continuously improves.

Job Responsibilities

Security Incident Management

Coordinate and track security incidents from detection through containment, eradication, and recovery.

Serve as incident commander for medium-severity events and deputy commander for high-severity incidents.

Partner with Enterprise Incident Management and IT teams to ensure alignment between cyber and business response processes.

Manage post-incident reviews, lessons learned, and follow-up remediation actions.

Maintain and evolve incident response playbooks, workflows, and severity classifications aligned to SANS and ISO 27035 frameworks.

Prepare and deliver executive-level communications and situation reports summarizing incident impact, containment actions, and next steps.

Report on key metrics including MTTA, MTTR, volume, severity, and root cause trends.

SOC Oversight

Act as day-to-day liaison to the Managed SOC provider, ensuring high-quality, timely escalations.

Review detection content efficacy, false-positive rates, and coverage gaps.

Monitor SOC SLAs and ensure continuous improvement in alert handling and escalation quality.

Coordinate onboarding of new log sources, tools, and data streams for detection coverage.

Maintain SOC runbooks and escalation criteria to ensure consistent operations.

Qualifications

Qualifications

Bachelor?s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).

3?5 years in security operations, incident response, or IT incident/problem management.

Experience with SANS/NIST/ISO 27035 incident management frameworks.

Familiarity with enterprise security tools such as SIEM, EDR, SOAR, and ITSM platforms (e.g., ServiceNow, Jira).

Strong written and verbal communication skills, including experience preparing executive communications or incident summaries.

Calm under pressure, organized, and detail-oriented with strong cross-functional collaboration skills.

Key Competencies

Incident Leadership: Calm and confident during high-pressure events.

Analytical Thinking: Able to connect technical findings to business impact.

Collaboration: Strong partner to enterprise incident management, IT, and operations.

Process Improvement: Driven to improve detection, escalation, and response workflows.

Executive Communication: Able to translate technical details into clear, concise updates for leadership.

Education

About Aramark

Our Mission

Rooted in service and united by our purpose, we strive to do great things for each other, our partners, our communities, and our planet.

At Aramark, we believe that every employee should enjoy equal employment opportunity and be free to participate in all aspects of the company. We do not discriminate on the basis of race, color, religion, national origin, age, sex, gender, pregnancy, disability, sexual orientation, gender identity, genetic information, military status, protected veteran status or other characteristics protected by applicable law.

About Aramark

The people of Aramark proudly serve millions of guests every day through food and facilities in 15 countries around the world. Rooted in service and united by our purpose, we strive to do great things for each other, our partners, our communities, and our planet. We believe a career should develop your talents, fuel your passions, and empower your professional growth. So, no matter what you're pursuing - a new challenge, a sense of belonging, or just a great place to work - our focus is helping you reach your full potential. Learn more about working here at or connect with us on Facebook , Instagram and Twitter .