Defensive Cyber Operations Watch Analyst Tier II

Adapt Forward, North Charleston, SC

About The Position

As a Tier 2 Defensive Cyber Operations (DCO) Watch Analyst you will be responsible for analyzing and responding to security incidents within a Cybersecurity Service Provider (CSSP) environment. In addition to investigating validated events and mitigating incidents, you will help improve the quality of Tier 1 analysis by mentoring junior analysts. You will also assist the watch officer as needed, work on projects to enhance CSSP capabilities, and perform independent problem-solving while adhering to CJCSM 6510.01B reporting standards.

Requirements

  • Bachelor’s Degree in relevant discipline or at least 5 years of experience working in a CSSP, SOC, or similar environment
  • At least 1 year of experience conducting in-depth analysis or incident response with any of the following tools: Splunk, Elastic, Corelight, Palo Alto Panorama, Windows Azure/Defender, AWS, CrowdStrike, Volatility, or SIFT Workstation
  • At least 1 year of experience authoring technical documentation for security incidents, such as creating detailed investigation timelines, documenting indicators of compromise (IOCs), or writing shift turnover reports for ongoing incidents
  • Must be a U.S. Citizen
  • Must have DoD 8570 IAT Level II and CSSP IR compliant certifications
  • Secret Clearance required to start, with ability to obtain TS/SCI

Nice To Haves

  • Demonstrated experience conducting in-depth log correlation and analysis for complex security incidents across multiple data sources (e.g., EDR, IDS/IPS, DNS, & operating system logging solutions)
  • Advanced proficiency in writing complex search queries in SIEM platforms (e.g., Splunk, Elastic, Sentinel) to identify anomalous or malicious activity
  • Experience building advanced scripts (e.g., in Python, PowerShell, Bash, etc.) to automate detection and analysis tasks
  • Experience integrating and operationalizing threat intelligence feeds to create new detection mechanisms or enrich existing data
  • Previous experience informally mentoring junior analysts, creating training documentation, or leading small-group knowledge-sharing sessions
  • Demonstrated passion for cybersecurity and continuous learning through active participation in Capture the Flag (CTF) events (e.g., TryHackMe, Hack The Box, etc.)
  • Completion of practical, hands-on cybersecurity training courses or certifications (e.g., Security Blue Team BTL1/BTL2, AntiSyphon training courses, OffSec OSCP)

Responsibilities

  • Analyze and respond to validated security incidents, determining severity and impact per CJCSM 6510.01B
  • Support incident response campaigns by organizing response efforts, tracking progress, and ensuring proper documentation
  • Coordinate with reporting agencies and subscriber sites to ensure timely and accurate incident reporting
  • Perform network and host-based digital forensics on Windows and other operating systems as needed
  • Conduct log correlation analysis using Splunk and supplemental tools to identify patterns in network and system activity
  • Compile and maintain internal SOP documentation, ensuring compliance with CJCSM 6510.01B and other directives
  • Provide 24/7 support for incident response during assigned shifts, including non-core hours
  • Support IDS/IPS signature development and implementation under guidance

Benefits

  • Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
  • 401k Retirement Plan with Matching Contribution is immediately available and vested.
  • Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
  • Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
  • Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.
© 2024 Teal Labs, Inc