Senior SOC Analyst

Polymarket

Full-time Remote
New York
$150,000 - $210,000
SOC Analyst

Job Description

About Polymarket

Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future.

We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.

About the Role

Polymarket is looking for a SOC Analyst to join our internal security operations team. You'll be responsible for monitoring, triaging, and responding to security events across our environment — working alongside fellow in-house analysts and coordinating with our contracted 24/7 third-party SOC provider, serving as the escalation point for confirmed or ambiguous threats that require institutional context and hands-on response.

What You'll Do

- Monitor SIEM, EDR, NDR, and cloud security tooling for alerts, anomalies, and indicators of compromise; review and triage escalations from the third-party SOC provider
- Conduct proactive threat hunting using intelligence feeds, MITRE ATT&CK TTPs, and hypothesis-driven queries
- Lead containment, eradication, and recovery for confirmed incidents; coordinate with Engineering, Legal, and Leadership on high-severity events
- Respond to on-call pages per the team rotation schedule; write clear incident reports covering timeline, impact, root cause, and corrective actions
- Analyze malware samples, phishing campaigns, network traffic, and endpoint artifacts to determine scope and attacker TTPs
- Identify detection gaps and propose new SIEM rules, correlation logic, and tuning improvements
- Author and maintain SOC runbooks and playbooks used by both in-house and third-party teams; contribute to weekly/monthly reporting on incident trends and third-party SLA adherence

What We're Looking For

- 2+ years of hands-on SOC, incident response, or security operations experience
- Proficiency with a SIEM platform (Palo Alto XSIAM preferred)
- Experience with EDR/XDR tooling (CrowdStrike, SentinelOne, or equivalent)
- Demonstrated ability to triage alerts including phishing, malware, lateral movement, and credential-based attacks
- Solid understanding of TCP/IP, DNS, HTTP/S, and common attack patterns
- Ability to read and write basic scripts or queries (Python, Bash, KQL, or SPL) to support analysis
- Availability for rotating shifts and participation in on-call rotation
- (Plus) Experience managing escalations to or from an MSSP or third-party SOC
- (Plus) Certifications such as CompTIA CySA+, GCIA, GCIH, or equivalent
- (Plus) Familiarity with cloud security tooling in AWS, GCP, or Azure
- (Plus) Knowledge of the blockchain, DeFi, or crypto-sector threat landscape
- (Plus) Experience with MITRE ATT&CK-based threat hunting or purple team exercises

Benefits

- Competitive salary & equity
- Unlimited PTO
- Full Health, Vision, & Dental coverage
- 401k match
- Hardware setup: new MacBook Pro, big display, & accessories