You’ve got the spark, the curiosity that makes you ask “why?” when others move on. You love solving puzzles, learning new tools, and understanding how things work (and how they break). Maybe you’ve done some hands-on IT work, tinkered with packet captures, or even caught yourself reading about the latest exploits for fun. If that sounds like you, you might be exactly who we’re looking for.

At Expel, we protect customers by thinking like attackers. Our analysts investigate alerts, dig through data, and communicate findings with empathy and precision. As an Associate SOC Analyst, you’ll be on the front lines of our Managed Detection & Response (MDR) service, helping detect, analyze, and respond to threats across diverse environments from endpoint to cloud.

This is more than an entry point, it’s a launch pad. We’ll train you, mentor you, and help you grow from your first alert triage to full-scale investigations. You’ll learn from expert analysts who’ve seen it all (and lived to meme about it). You’ll refine your craft in real-world scenarios, protecting real organizations, and making a visible impact.

What Expel Can Do For You

• Analyze and investigate alerts to identify, assess, and respond to potential threats.
• Collaborate with teammates and customer security teams to remediate incidents and strengthen defenses.
• Conduct threat hunts and root-cause analysis to uncover attacker activity.
• Take ownership of alert triage through the entire lifecycle—from detection to resolution.
• Constantly look for ways to improve how we detect, defend, and deliver for our customers.
• Participate in 24x7 rotational coverage, because attackers don’t sleep.

What You Can Do For Expel (With the help of training, of course)

• Get you out of theory and into real security operations.
• Surround you with seasoned mentors who want to see you succeed.
• Offer training, tools, and hands-on experience to accelerate your career.
• Immerse you in a collaborative, growth-minded culture that values curiosity, communication, and creativity.
• Provide transparent pay, unlimited PTO, flexible work, and up to 24 weeks parental leave.

What You Should Bring With You

• Integrity, curiosity, and a client-first mindset.
• Strong written communication, you can adapt tone and detail whether you’re messaging a teammate or writing a customer report.
• A fundamental understanding of TCP/IP, operating systems, and common network protocols.
• Experience with Windows, macOS, and Linux systems, including command-line familiarity.
• Awareness of cloud applications (O365, Okta) and cloud infrastructure (AWS, Azure, GCP).
• Familiarity with detection and response tools like SIEM, EDR, and IDS/IPS.
• A curiosity about attacker techniques, the MITRE ATT&CK framework, and how defenders can outsmart them.
• 1–2 years of IT or security experience is preferred, but if you’ve got passion, potential, and a compelling story, we want to hear it.

Additional notes

The base salary range for this role is between $85,000 USD and $90,000 USD + 20% bonus (paid out quarterly) & equity.

We believe in paying transparently and equitably. Your salary will ultimately be based on factors such as your experience, skills, team equity, and market data. You’ll also be eligible for unlimited PTO (which we model and encourage), work location flexibility, up to 24 weeks of parental leave, and really excellent health benefits.

We’re only hiring those authorized to work in the United States. We do not currently sponsor immigration visas.

We’re an Equal Opportunity Employer: You’ll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

We’ll ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please let us know if you need accommodation of any kind.

#LI-Remote