Cyber Defense & Incident Responder (SOC Analyst)

GormatArlington, VA
Onsite

About The Position

The Cyber Defense & Incident Responder is responsible for monitoring, analyzing, and responding to cybersecurity incidents in accordance with established procedures. This role focuses on incident triage, investigation, containment, and recovery to minimize impact and restore normal operations. The analyst will leverage security tools, event logs, correlation data, and threat intelligence to determine the nature and scope of incidents, document findings, and recommend remediation steps.

Requirements

  • Minimum of 6 years of experience in Information Technology and/or Information Security
  • Experience with incident response, threat analysis, SIEM platforms, endpoint security tools, and log analysis
  • Strong analytical and investigative skills with the ability to derive accurate conclusions during incident investigations
  • Active Secret clearance or higher required
  • Must be eligible to obtain a Top Secret clearance if requested
  • Ability to successfully complete a DEA background investigation
  • Must possess at least one applicable DoD 8140 certification or obtain certification within 6 months of onboarding

Nice To Haves

  • Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Computer Science, Data Science, or related field from an ABET accredited or CAE designated institution preferred
  • Preferred DCWF Role 511 Cyber Defense Analyst certifications include: CBROPS, CFR, CompTIA Cloud+, CySA+, PenTest+, or Security+ CE, FITSP O, SANS GCED, GCFA, GCIA, GDSA, GFACT, GICSP, GISF, or GSEC

Responsibilities

  • Monitor enterprise security systems and analyze alerts to identify potential cybersecurity incidents
  • Review SIEM, IDS/IPS, EDR, and related tool alerts for anomalous activity and indicators of compromise
  • Validate alerts, reduce false positives, and prioritize incidents based on severity and impact
  • Perform triage and analysis of security events to determine scope, severity, and urgency
  • Examine log data, network telemetry, and endpoint information to identify malicious activity
  • Correlate event details with internal and external threat intelligence
  • Execute incident response actions in accordance with established procedures
  • Contain affected systems, remove malicious artifacts, and assist with system recovery
  • Escalate complex or critical incidents to senior analysts or SOC leadership as needed
  • Document investigative findings, incident timelines, and remediation actions
  • Create and manage incident tickets and upload supporting evidence and artifacts
  • Contribute to after action reviews and post incident reporting
  • Communicate findings clearly and concisely to technical and nontechnical stakeholders
  • Maintain SOC processes, tools, and playbooks to support effective incident handling
  • Recommend improvements to SOPs, escalation procedures, and detection capabilities
  • Participate in training exercises and knowledge sharing activities
  • Support red, blue, or purple team exercises as directed
  • Stay informed on current and emerging cyber threats, threat actor TTPs, and industry trends
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service