Cyber Security Analyst Tier III
LED FastStart•Bossier City, LA
•Onsite
About The Position
As a senior member of the SOC team supporting the Virginia Information Technology Agency (VITA), the Tier III analyst serves as the primary escalation authority for high-severity security incidents and owns the full escalation chain from initial triage through containment, remediation, and post-incident review. A core function of this role is building and maintaining operational Splunk dashboards, automated detection workflows, and correlation searches that improve SOC efficiency and threat visibility. The Tier III analyst brings deep hands-on experience working in Splunk at an advanced level and provides threat hunting and incident response expertise across the team. The role may also require mentoring junior analysts and operating third-party toolsets within the client environment.
Requirements
- 8 or more years of experience in cybersecurity operations
- Splunk experience — advanced SPL, dashboard development, automated alerting, and correlation search creation in an operational SOC environment
- CyberArk experience — privileged access management in a government or enterprise SOC environment
- Qualifying certification to meet DoW 8140/DCWF CSSP Analyst requirements within 6 months of start: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+
Nice To Haves
- Less than 10% travel requirement
- Public Trust/Other Required: Other
Responsibilities
- Lead complex investigations and incident response (Tier III ownership): pivoting across identity, endpoint, network, email, cloud, and SaaS telemetry to drive containment and remediation
- Provide expertise with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), threat hunting, and threat intelligence; own customer-facing escalation and remediation activities
- Recognize successful and unsuccessful intrusion attempts; triage security events and accurately prioritize and escalate incidents per established runbooks
- Detect the full spectrum of known cyberattacks (DDoS, malware, phishing, ransomware, and others) and correlate events across capabilities to identify attacks and breaches
- Examine malware analysis reports to correlate similar events across incidents; document and report actions taken by malicious actors in customer networks
- Recommend appropriate methods of system remediation and threat mitigation; prepare incident reports detailing analysis methodology and results
- Build, maintain, and optimize Splunk dashboards and reports that provide operational visibility into threat activity, SOC performance metrics, and incident trends for analysts and leadership
- Develop and maintain automated detection workflows, correlation searches, and alert actions in Splunk to reduce analyst workload, minimize false positives, and accelerate response to high-priority threats
- Write and maintain SPL searches, scheduled reports, and lookup-driven workflows; leverage scripting (Python, PowerShell) to extend Splunk capabilities and support security automation where needed
- Conduct log and system analysis for network and security devices; create and update detection rules and signatures in security tools and applications
- Document emerging threat intelligence and reported IOCs for security tool integrations
- Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment
- Develop and tune detection content — including use cases, correlation rules, and alert logic — to improve fidelity and reduce noise across the SOC environment
- Analyze and act on intelligence information to secure customer networks and devices
- Working knowledge of scripting (Python, PowerShell, or Bash) for security automation, log parsing, and workflow integration; ability to read and modify scripts to support SOC operations
- Support automation efforts that reduce manual analyst burden, improve detection fidelity, and accelerate incident response timelines.
- Document and maintain runbooks and playbooks; mentor Tier I/II analysts as needed and contribute to post-incident retrospectives and continuous detection improvements
- Develop lessons learned documentation, reporting, and SOPs for incident response
- Serve as team/task lead as required; coach less-experienced analysts and model best practices across the escalation chain
- Maintain current understanding of cybersecurity best practices and motivate team members to expand knowledge and capabilities
Benefits
- AI-powered career tool that identifies career steps and learning opportunities
- An internal mobility team focused on helping you achieve your career goals
- Comprehensive benefits and wellness packages
- 401K with company match
- Competitive pay and paid time off
- Full-flex work week to own your priorities at work and at home
- Award-winning culture of innovation and a military-friendly workplace
- Variety of medical plan options, some with Health Savings Accounts
- Dental plan options
- Vision plan
- 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match
- Full flex work weeks where possible
- Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
- Short and long-term disability benefits
- Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
