About AgileBlue
AgileBlue is an AI-native Security Operations platform that detects, investigates, and auto-responds to cyber threats across cloud, network, and endpoint environments. Our platform combines Sapphire AI for automated detection with 24/7 human-led investigation, built for mid-market organizations and the MSPs that serve them.
Position Overview
AgileBlue is hiring L1 SOC Analysts to work our alert queue across a 24/7 operation. This is a structured, playbook-driven role. You will triage alerts, identify benign activity, escalate real threats, and communicate findings to clients. Our AI platform handles automated closes. You handle everything that needs human judgment.
This is an entry-level role built for analysts who want to develop in a real SOC environment. If you want structured reps, a clear learning path, and the ability to advance quickly based on measurable performance, this is the right place to start.
What You Will Do
• Develop a working knowledge of the AgileBlue platform and SOC procedures through hands-on case work and structured training.
• Work the case queue across assigned shift hours. Triage and investigate security alerts following established playbooks and procedures.
• Apply the correct response path for each alert category. Follow customer-specific playbooks where they exist.
• Investigate suspicious activity to determine scope and intent. Document findings with enough detail for a handoff or client notification.
• Analyze security breaches and alert patterns to identify root cause. Flag false positive trends and rule noise to L3 analysts.
• Close benign cases with proper documentation. Escalate genuine threats to clients and hand off cases that exceed scope to the L3 analyst on shift.
• Review daily alert data to identify and report on vulnerabilities and emerging patterns across the customer
What We Are Looking For
• 0 to 2 years of SOC or security operations experience, or a career changer with relevant certifications and demonstrated lab work.
• Working knowledge of common alert categories: endpoint detections, network anomalies, identity events, and phishing indicators.
• Comfortable reading raw logs to determine whether an alert represents a real event.
• Familiarity with at least one SIEM or security platform, whether from prior work, coursework, or self-study.
• Clear written communication. Your case notes are part of the client record.
• Reliable, shift-committed, and ready to hand off context cleanly at every shift boundary.
Position Details
Job Type:
Full-Time Employment
Shift:
Multiple shifts available for 24/7 SOC Analyst team.
Location:
Cleveland, OH or remote
Reporting To:
SOC Manager
Benefits:
Competitive base salary | 401k with company match | Unlimited PTO | Paid training and certification support | Clear, measurable path to advancement
To Apply
Submit your resume and a brief cover letter to HR@agileblue.com with 'SOC Analyst L1' as the subject line. Tell us about a specific alert or incident you investigated and how you approached it.