Cyber Operations Analyst

The Aerospace Corporation, Colorado Springs, CO
Onsite

About The Position

The Aerospace Corporation is the trusted partner to the nation's space programs, solving the hardest problems and providing unmatched technical expertise. As the operator of a federally funded research and development center (FFRDC), we are broadly engaged across all aspects of space, delivering innovative solutions that span satellite, launch, ground, and cyber systems for defense, civil, and commercial customers. When you join our team, you'll be part of a special collection of problem solvers, thought leaders, and innovators. Join us and take your place in space.

The Aerospace Corporation is seeking an experienced cybersecurity professional to serve as a Cyber Operations Analyst (Information Security Staff III). In this dynamic role, you will function as a Tier 2/3 analyst responsible for handling escalated security events, conducting advanced threat analysis, and leading complex investigations across our enterprise environments. You will serve as a subject matter expert within our Security Operations Center (SOC), performing in-depth analysis of sophisticated threats, developing advanced detection capabilities, and mentoring junior analysts. You will leverage cutting-edge security tools, threat intelligence, and deep technical expertise to identify, analyze, and mitigate advanced cyber threats before they impact our mission. You will join a team of dedicated cybersecurity professionals who are chartered with securing Aerospace's classified and unclassified enterprise IT environments and are viewed as leaders within the aerospace community. The selected candidate will be required to work full-time on-site at our facility in Colorado Springs, CO.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems or equivalent field of study, or equivalent experience
  • 5-7 years of relevant experience in security operations, threat analysis, incident response, or SOC environments
  • Proven experience as a Tier 2 or Tier 3 SOC analyst handling escalated and complex security incidents
  • Advanced proficiency with SIEM platforms (Splunk, QRadar, LogRhythm, ArcSight, or similar) including custom query development
  • Deep understanding of network protocols, traffic analysis, and advanced attack techniques
  • Extensive experience analyzing security logs and correlating events across multiple data sources to identify sophisticated threats
  • Strong knowledge of Windows and Linux operating systems, including forensic artifacts, persistence mechanisms, and attacker techniques
  • Expertise with endpoint detection and response (EDR) platforms and advanced endpoint analysis
  • Thorough understanding of the MITRE ATT&CK framework and ability to map adversary behavior to tactics and techniques
  • Experience with threat hunting methodologies and tools to proactively identify threats
  • Advanced skills in network packet analysis using Wireshark, tcpdump, or similar tools
  • Ability to analyze malicious scripts, PowerShell commands, and basic malware behavior
  • Strong understanding of the cyber kill chain and advanced persistent threat (APT) methodologies
  • Excellent analytical and critical thinking skills with ability to synthesize complex technical information
  • Strong written and verbal communication skills for documenting complex findings and briefing stakeholders
  • Proven ability to work under pressure during critical incidents and manage multiple complex investigations
  • This position requires the ability to obtain and maintain a US Secret security clearance, which is issued by the US government. U.S. citizenship is required to obtain a security clearance.

Nice To Haves

  • Relevant certifications such as GCIA, GCIH, GCFA, GNFA, GMON, CySA+, CISSP, or equivalent
  • Experience with security orchestration, automation, and response (SOAR) platforms and workflow automation
  • Proficiency with scripting languages (Python, PowerShell, Bash) for automation, data analysis, and tool development
  • Hands-on malware analysis or reverse engineering experience
  • Experience with memory forensics and advanced forensic analysis techniques
  • Knowledge of cloud security operations and threat detection in AWS, Azure, or GCP environments
  • Experience working in classified or high-security environments with sensitive data
  • Background with threat intelligence platforms (TIP) and developing custom threat intelligence
  • Experience with network security monitoring (NSM) tools such as Zeek (Bro), Suricata, or Snort
  • Track record of developing advanced detection content that identified previously undetected threats
  • Experience participating in or supporting red team/purple team exercises
  • Knowledge of adversary emulation frameworks and tools
  • Experience mentoring or training junior analysts and developing SOC capabilities
  • Understanding of compliance frameworks (NIST 800-53, NIST 800-171, CMMC) and their operational implications
  • Current and active Secret clearance

Responsibilities

  • Serving as Tier 2/3 escalation point for complex security alerts and incidents that require advanced analysis and investigation
  • Conducting deep-dive investigations into sophisticated threats, advanced persistent threats (APTs), and complex attack scenarios
  • Performing advanced threat hunting activities to proactively identify hidden threats, lateral movement, and persistent adversary presence across the enterprise
  • Analyzing security alerts from SIEM platforms, intrusion detection systems, EDR tools, and other security technologies to determine attack vectors and adversary objectives
  • Correlating data from multiple security tools and log sources to reconstruct attack timelines and identify full scope of compromise
  • Leading incident response activities for escalated events, coordinating containment and remediation efforts with cross-functional teams
  • Developing and tuning advanced detection rules, correlation searches, and behavioral analytics to improve threat detection capabilities
  • Analyzing malware behavior, suspicious scripts, and attacker tools to understand adversary techniques and develop countermeasures
  • Integrating threat intelligence into detection and response workflows, identifying relevant indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)
  • Providing technical guidance and mentorship to Tier 1 analysts, reviewing their work and helping develop their analytical skills
  • Creating and maintaining advanced playbooks, investigation workflows, and technical documentation for complex scenarios
  • Collaborating with incident response, threat intelligence, and security engineering teams on advanced security operations initiatives
  • Conducting post-incident analysis and lessons learned to improve detection, response capabilities, and operational procedures
  • Generating detailed technical reports and executive summaries on complex threats, investigation findings, and security trends
  • Remaining informed on the latest advanced threats, adversary tradecraft, exploitation techniques, and cutting-edge security technologies
  • Where necessary, providing after-hours escalation support for critical security incidents requiring senior analyst expertise

Benefits

  • Comprehensive health care and wellness plans
  • Paid holidays, sick time, and vacation
  • Standard and alternate work schedules, including telework options
  • 401(k) Plan — Employees receive a total company-paid benefit of 8%, 10%, or 12% of eligible compensation based on years of service and matching contributions; employees are immediately eligible and vested in the plan upon hire
  • Flexible spending accounts
  • Variable pay program for exceptional contributions
  • Relocation assistance
  • Professional growth and development programs to help advance your career
  • Education assistance programs
  • An inclusive work environment built on teamwork, flexibility, and respect