Security Analyst

About The Position

Requirements

• Three (3) to five (5) years of experience in cybersecurity operations, SOC analysis, incident response, or related security disciplines.
• Demonstrated hands-on experience with Splunk Enterprise Security, including search development, dashboard creation, and correlation rule tuning.
• Experience utilizing Microsoft Defender for Endpoint for security investigations and policy management.
• Working knowledge of AWS cloud security technologies, including GuardDuty, Security Hub, or equivalent tools.
• Proven experience managing incidents through the complete incident response lifecycle.
• Working knowledge of MITRE ATT&CK framework and common threat actor tactics, techniques, and procedures.
• Familiarity with incident response methodologies and frameworks such as NIST 800-61.
• Strong analytical, investigative, and problem-solving capabilities.
• Excellent written and verbal communication skills.
• Experience supporting federal government customers or highly regulated environments.
• Ability to work independently while collaborating effectively with cross-functional teams.
• An active Public Trust clearance or the ability to obtain and maintain one.

Nice To Haves

• Experience with Security Orchestration, Automation, and Response (SOAR) platforms.
• Experience developing automation scripts utilizing Python, PowerShell, or similar technologies.
• Familiarity with FISMA, FedRAMP, CMMC, or other federal cybersecurity compliance frameworks.
• Experience with Network Detection and Response (NDR) technologies.
• Exposure to packet capture analysis and network forensics platforms.
• Knowledge of malware analysis methodologies and digital forensics fundamentals.
• Industry certifications such as Security+, CySA+, GCIH, GCIA, CEH, or equivalent.

Responsibilities

• Monitor and analyze security events utilizing Splunk Enterprise Security (ES).
• Build, maintain, and tune Splunk searches, correlation rules, alerts, and dashboards.
• Conduct incident response activities from detection through containment, eradication, recovery, and closure.
• Investigate endpoint security incidents utilizing Microsoft Defender for Endpoint.
• Perform endpoint policy management and incident investigations.
• Assess AWS cloud security telemetry utilizing GuardDuty, Security Hub, and related cloud security services.
• Identify threats, vulnerabilities, suspicious activity, and cloud misconfigurations.
• Execute alert triage, incident scoping, and escalation activities according to established playbooks.
• Recommend updates and improvements to operational procedures and incident response playbooks.
• Support threat hunting activities and detection engineering initiatives aligned to MITRE ATT&CK methodologies.
• Perform phishing investigations, alert enrichment, and forensic review activities.
• Conduct root cause analysis and document corrective actions following security incidents.
• Track incidents and operational tasks utilizing case management systems.
• Participate in tabletop exercises and operational readiness activities.
• Collaborate with Security Operations teams, Incident Response personnel, and federal stakeholders.
• Prepare reports and communicate findings to technical and non-technical audiences.
• Perform other job-related duties as assigned.

Benefits

• Medical
• Dental
• Vision
• 401(k)
• Paid Time Off
• Life Insurance
• Disability Coverage