View all jobs

Vehicle SOC Analyst (L1)

Department: Operations
Location: North America


Are you looking to be in the forefront of automotive cybersecurity? Would you like to work with some of the largest and most exciting automotive players in the world?

Upstream is looking for a Vehicle SOC (VSOC) Analyst to join the Upstream VSOC analysts team on an on-call, nights, and weekends shift schedule and focus on addressing potential vehicle security incidents, evaluate incidents identified by the Upstream Platform, and implement, together with our customers, mitigative actions.

As a VSOC analyst you will use threat intelligence, previous similar attack vectors, and insights from internal research teams to pinpoint affected assets, the type of attack, and the extent of the attack. 

The VSOC analyst will act as the vehicle security focal point for managed services for customers and troubleshooting of real-time potential security alerts.

The position is a part-time position, requires working in nights and weekends shift schedule and is Michigan, USA based.


  • Monitor security events received through alerts from the Upstream Platform or other security tools.
  • Carry out L1 triage of incoming alerts (initial assessing the priority of the event, initial determination of incident to determine risk and damage or appropriate routing of security risks)
  • Consolidating data from alert triage to provide context necessary to initiate Tier II or Tier III work.
  • Maintain assigned ticket queue.
  • Escalating triaged alerts to L2 & L3 Analysts for deeper analysis and review.
  • Support for daily operational activities.
  • Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
  • Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.
  • Fine tune detection logic and machine learning profiles.
  • Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
  • Create a final incident report detailing the events of the incident.
  • Working with the team to create RCA's for events escalated to incident levels.
  • Development and execution of Standard Operating Procedures, Event Handlers and Job Aids required for successful task completion.


  •  Willing to work a flexible schedule within a 24x7x365 Vehicle Security Operations Center (VSOC) environment, as well as expected to work holidays.
  • College graduates in a technical field or equivalent real-world experience.
  • Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
  • Familiarity with malware techniques and attack techniques (e.g. code injection, DGA, hooks, etc.)
  • Familiarity with big data platforms and data analysis (e.g. SQL, python).
  • Strong troubleshooting and problem-solving skills.
  • Proficient in preparation of reports, dashboards, and documentation.
  • Excellent communication skills.
  • Ability to handle high pressure situations with key stakeholders.
  • Excellent interpersonal skills, positive attitude and outstanding customer approach.
  • Ability to take initiative and adapt.
  • Have excellent written and verbal communication skills.
  • Possess the ability to adjust and adapt to changing priorities in a dynamic environment.
  • Be able to multitask and be proactive in addressing issues and requests.
  • Possess technical acumen and the ability to understand and interpret technical specifications.
  • (Optional) Experience in security device management and SIEM (Splunk, QRadar, ArcSight, etc.).

Upstream is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.