Cyber Security Analyst Tier III

About The Position

Requirements

• 8 or more years of experience in cybersecurity operations
• Splunk experience — advanced SPL, dashboard development, automated alerting, and correlation search creation in an operational SOC environment
• CyberArk experience — privileged access management in a government or enterprise SOC environment
• Qualifying certification to meet DoW 8140/DCWF CSSP Analyst requirements within 6 months of start: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+

Responsibilities

• Incident Response & Threat Operations Lead complex investigations and incident response (Tier III ownership): pivoting across identity, endpoint, network, email, cloud, and SaaS telemetry to drive containment and remediation
• Provide expertise with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), threat hunting, and threat intelligence; own customer-facing escalation and remediation activities
• Recognize successful and unsuccessful intrusion attempts; triage security events and accurately prioritize and escalate incidents per established runbooks
• Detect the full spectrum of known cyberattacks (DDoS, malware, phishing, ransomware, and others) and correlate events across capabilities to identify attacks and breaches
• Examine malware analysis reports to correlate similar events across incidents; document and report actions taken by malicious actors in customer networks
• Recommend appropriate methods of system remediation and threat mitigation; prepare incident reports detailing analysis methodology and results
• Build, maintain, and optimize Splunk dashboards and reports that provide operational visibility into threat activity, SOC performance metrics, and incident trends for analysts and leadership
• Develop and maintain automated detection workflows, correlation searches, and alert actions in Splunk to reduce analyst workload, minimize false positives, and accelerate response to high-priority threats
• Write and maintain SPL searches, scheduled reports, and lookup-driven workflows; leverage scripting (Python, PowerShell) to extend Splunk capabilities and support security automation where needed
• Conduct log and system analysis for network and security devices; create and update detection rules and signatures in security tools and applications
• Document emerging threat intelligence and reported IOCs for security tool integrations
• Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment
• Develop and tune detection content — including use cases, correlation rules, and alert logic — to improve fidelity and reduce noise across the SOC environment
• Analyze and act on intelligence information to secure customer networks and devices
• Working knowledge of scripting (Python, PowerShell, or Bash) for security automation, log parsing, and workflow integration; ability to read and modify scripts to support SOC operations
• Support automation efforts that reduce manual analyst burden, improve detection fidelity, and accelerate incident response timelines.
• Document and maintain runbooks and playbooks; mentor Tier I/II analysts as needed and contribute to post-incident retrospectives and continuous detection improvements
• Develop lessons learned documentation, reporting, and SOPs for incident response
• Serve as team/task lead as required; coach less-experienced analysts and model best practices across the escalation chain
• Maintain current understanding of cybersecurity best practices and motivate team members to expand knowledge and capabilities

Benefits

• Comprehensive benefits and wellness packages
• 401K with company match
• Competitive pay and paid time off
• Full-flex work week to own your priorities at work and at home