About Polymarket

Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future.

We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.

About the Role

Polymarket is looking for a SOC Analyst to join our internal security operations team. You'll be responsible for monitoring, triaging, and responding to security events across our environment — working alongside fellow in-house analysts and coordinating with our contracted 24/7 third-party SOC provider, serving as the escalation point for confirmed or ambiguous threats that require institutional context and hands-on response.

What You'll Do

Monitor SIEM, EDR, NDR, and cloud security tooling for alerts, anomalies, and indicators of compromise; review and triage escalations from the third-party SOC provider
Conduct proactive threat hunting using intelligence feeds, MITRE ATT&CK TTPs, and hypothesis-driven queries
Lead containment, eradication, and recovery for confirmed incidents; coordinate with Engineering, Legal, and Leadership on high-severity events
Respond to on-call pages per the team rotation schedule; write clear incident reports covering timeline, impact, root cause, and corrective actions
Analyze malware samples, phishing campaigns, network traffic, and endpoint artifacts to determine scope and attacker TTPs
Identify detection gaps and propose new SIEM rules, correlation logic, and tuning improvements
Author and maintain SOC runbooks and playbooks used by both in-house and third-party teams; contribute to weekly/monthly reporting on incident trends and third-party SLA adherence

What We're Looking For

2+ years of hands-on SOC, incident response, or security operations experience
Proficiency with a SIEM platform (Palo Alto XSIAM preferred)
Experience with EDR/XDR tooling (CrowdStrike, SentinelOne, or equivalent)
Demonstrated ability to triage alerts including phishing, malware, lateral movement, and credential-based attacks
Solid understanding of TCP/IP, DNS, HTTP/S, and common attack patterns
Ability to read and write basic scripts or queries (Python, Bash, KQL, or SPL) to support analysis
Availability for rotating shifts and participation in on-call rotation
(Plus) Experience managing escalations to or from an MSSP or third-party SOC
(Plus) Certifications such as CompTIA CySA+, GCIA, GCIH, or equivalent
(Plus) Familiarity with cloud security tooling in AWS, GCP, or Azure
(Plus) Knowledge of the blockchain, DeFi, or crypto-sector threat landscape
(Plus) Experience with MITRE ATT&CK-based threat hunting or purple team exercises