Description & Requirements
For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power the hybrid workplace of today and tomorrow. Today, Xerox is continuing its legacy of innovation to deliver client-centric and digitally-driven technology solutions and meet the needs of today’s global, distributed workforce. From the office to industrial environments, our differentiated business and technology offerings and financial services are essential workplace technology solutions that drive success for our clients. At Xerox, we make work, work. Learn more about us at www.xerox.com.
Overview:
Xerox is seeking a highly skilled and analytical Cybersecurity Operations Analyst III to join our Threat Detection & Response (TD&R) team. As the senior technical escalation point within the Security Operations Center (SOC), you will lead the investigation of the organization's most complex cybersecurity incidents, drive advanced threat hunting initiatives, and partner with Detection Engineering and Machine Learning teams to strengthen detection capabilities. This role is ideal for an experienced cybersecurity professional who thrives in a fast-paced environment, enjoys solving sophisticated security challenges, and is passionate about mentoring others while advancing security operations.
Why Join This Team:
- Protect Xerox by leading investigations into sophisticated cyber threats across a global enterprise.
- Work with advanced cybersecurity technologies, including AI-enabled detection, SOAR automation, SIEM, XDR, and threat intelligence platforms.
- Partner with Detection Engineering, Machine Learning, Incident Response, and IT teams to continuously improve security capabilities.
- Influence the future of security operations through automation, threat hunting, and detection strategy.
- Join an inclusive team committed to continuous learning, innovation, and technical excellence.
What You Will Do:
- Lead end-to-end investigations of complex, high-severity cybersecurity incidents across endpoints, networks, identity platforms, and cloud environments.
- Perform advanced memory, endpoint, and network forensic analysis to determine root cause and attacker activity.
- Conduct proactive, hypothesis-driven threat hunting using multiple telemetry sources and threat intelligence.
- Validate AI-generated detections, identify systemic false-positive trends, and provide structured feedback to Detection Engineering and Machine Learning teams.
- Design and enhance SOAR automations with appropriate validation, observability, rollback capabilities, and human oversight.
- Develop scripts and automation using Python and SQL to improve investigative efficiency and operational workflows.
- Make risk-based containment decisions and coordinate incident response activities with CSIRT, IT, and business stakeholders.
- Mentor SOC Analysts and contribute to technical documentation, knowledge sharing, quality reviews, and analyst development programs.
- Continuously improve detection logic, playbooks, and operational processes based on lessons learned from investigations and threat hunting activities.
What You Need to Succeed:
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related technical discipline, or an equivalent combination of education and experience.
- Four or more years of Security Operations Center (SOC) or Incident Response experience, including ownership of complex, multi-stage investigations.
- Experience working within AI- or Machine Learning-enabled detection environments.
- Expertise in digital forensics, threat hunting, SIEM, XDR, SOAR, and security incident response.
- Advanced knowledge of Linux and Windows operating systems, scripting with Python, and SQL for data analysis and automation.
- Experience with Cortex XSIAM or similar security platforms is preferred.
- Strong analytical, problem-solving, communication, and decision-making skills, with the ability to explain technical concepts to both technical and non-technical audiences.
- Industry certifications such as GCFA, GCIH, GNFA, GREM, or equivalent are considered an asset.
How We Set You Up for Success:
- Access to industry-leading cybersecurity technologies, AI-enabled security operations, and advanced threat detection platforms.
- Opportunities to collaborate with highly experienced cybersecurity, incident response, and detection engineering professionals.
- Continuous technical training, certification support, and professional development opportunities.
- A collaborative environment that encourages innovation, knowledge sharing, and technical leadership.
- An inclusive workplace committed to continuous improvement, operational excellence, and career growth.
#LI-REMOTE
#LI-JC2