Cybersecurity / SOC Analyst

About The Position

Requirements

• Active TS/SCI or Q/SCI clearance required.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field; equivalent operational experience may be substituted.
• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD., 12 years with a HS Diploma
• 5+ years of experience supporting Security Operations Center (SOC), Computer Network Defense (CND), or cyber operations environments.
• Hands-on experience with: Splunk Enterprise Security (ES), CrowdStrike Falcon, Tanium, SIEM and log aggregation platforms, Endpoint Detection and Response (EDR) tools, Security ticketing and workflow management systems
• Experience performing: Incident response, Threat hunting, Malware analysis, Alert triage and escalation, Log correlation and forensic analysis
• Strong understanding of: TCP/IP protocol suite, DNS, Routing and switching concepts, Network security architecture, Remote access security technologies, Enterprise security monitoring
• Experience analyzing: NetFlow data, Packet captures (PCAP), Security event logs, Indicators of compromise (IOCs)
• Knowledge of: MITRE ATT&CK framework, Threat actors and adversary campaigns, Cyber kill chain methodologies, Intelligence Community cybersecurity operations
• Ability to communicate technical findings clearly through written reports and verbal briefings.

Nice To Haves

• Prior experience supporting Intelligence Community (IC), Department of Defense (DoD), or other Federal Government cybersecurity programs.
• Familiarity with CDOC/SOC operational environments and federal cybersecurity compliance frameworks.
• Experience with classified network environments and cross-domain security operations.
• Industry certifications such as: CompTIA Security+, CySA+, CEH, GCIH, GCIA, CISSP
• Knowledge of: NIST 800-series publications, RMF (Risk Management Framework), Continuous Diagnostics and Mitigation (CDM), Cyber threat intelligence analysis

Responsibilities

• Provide continuous 24x7x365 monitoring, analysis, and response support for enterprise cyber defense operations.
• Conduct Computer Network Defense (CND) activities in support of Intelligence Community (IC) mission requirements.
• Monitor, analyze, triage, and respond to security events and cyber threats targeting enterprise infrastructure, networks, and endpoints.
• Perform incident handling, malware analysis, and threat investigations utilizing tools including Splunk Enterprise Security (ES), CrowdStrike Falcon, Tanium, and enterprise eDiscovery platforms.
• Validate security alerts through real-time log analysis and correlation to determine true positive incidents and initiate containment procedures.
• Escalate and document incidents in accordance with established SOC/CDOC operational procedures and federal reporting requirements.
• Analyze NetFlow data, packet captures (PCAP), DNS activity, and network traffic patterns to identify indicators of compromise (IOCs) and malicious behavior.
• Conduct intrusion analysis and support advanced threat detection efforts involving nation-state and advanced persistent threat (APT) actors.
• Track incidents and investigative activities within Security Operations Center workflows and ticket management systems.
• Develop and maintain detailed incident reports, threat summaries, and operational documentation for leadership and cybersecurity stakeholders.
• Collaborate with cyber defense, engineering, and intelligence teams to identify vulnerabilities and improve enterprise security posture.
• Assist with vulnerability assessments, remediation efforts, and implementation of defensive security measures.
• Support continuous monitoring initiatives and evaluate effectiveness of enterprise-wide information security controls.
• Maintain awareness of emerging cyber threats, Intelligence Community security directives, and evolving adversarial TTPs.

Benefits

• overtime
• shift differential
• discretionary bonus