Security Operations Center Analyst - Low

Koniag Government Services, LLCWashington, DC
$108,000 - $131,104Onsite

About The Position

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a motivated and detail-oriented Junior Security Operations Center (SOC) Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is an early-career cybersecurity professional with a foundational understanding of security operations, network security monitoring, and incident response concepts. This individual will work under the guidance and mentorship of senior SOC analysts and the Cybersecurity Operations Technical Lead, supporting the continuous monitoring and defense of SBA's enterprise IT environment and gaining valuable hands-on experience in federal cybersecurity operations. The Junior SOC Analyst will support the continuous monitoring, threat detection, and incident response activities of SBA's Security Operations Center, performing first-line security event monitoring, alert triage, and incident documentation under the direction of senior SOC staff.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university.
  • 0-2 years of experience in cybersecurity, IT operations, or a related field, with demonstrated foundational knowledge of security operations, network monitoring, or incident response concepts.
  • Basic familiarity with security operations concepts, including security event monitoring, alert triage, incident response, and common cybersecurity threat types.
  • One or more of the following certifications: CompTIA Security+, CompTIA CySA+, CompTIA Network+, Systems Security Certified Practitioner (SSCP), Microsoft Security Operations Analyst Associate (SC-200).
  • Strong communication skills in English – both written and oral – with the ability to clearly document security events, incidents, and observations, and effectively communicate findings and escalations to senior SOC staff and other stakeholders.
  • Foundational understanding of security operations center (SOC) concepts and workflows, including security event monitoring, alert triage, incident classification, escalation procedures, and incident documentation.
  • Basic knowledge of common cybersecurity threat types, attack techniques, and indicators of compromise (IOCs), including malware, phishing, unauthorized access attempts, denial of service, and insider threats.
  • Familiarity with SIEM platforms and the ability to navigate SIEM dashboards, query security event data, and review alerts under the guidance of senior SOC analysts, with experience in platforms such as Splunk, Microsoft Sentinel, or equivalent.
  • Basic understanding of network security concepts, including TCP/IP networking fundamentals, common network protocols, firewall concepts, and IDS/IPS functionality, sufficient to support first-line review and interpretation of network security events and alerts.
  • Familiarity with endpoint security concepts and basic EDR tool functionality, including the ability to review endpoint alerts and telemetry data under senior staff guidance to support initial triage activities.
  • Basic log analysis skills, including the ability to review and interpret log entries from common sources such as Windows Event Logs, Syslog, and firewall logs, with an understanding of key log fields and their security relevance.
  • Familiarity with incident response concepts and the phases of the incident response lifecycle, including preparation, detection and analysis, containment, eradication, recovery, and post-incident review.
  • Strong attention to detail and accuracy in documenting security events, incidents, and response activities within incident management and ticketing systems.
  • Demonstrated ability and willingness to work collaboratively under the direction of senior staff in a team-oriented, mission-driven environment, actively seeking guidance and feedback to improve personal performance and contribution to the SOC team.
  • Basic familiarity with the MITRE ATT&CK framework and its application to understanding adversary tactics, techniques, and procedures (TTPs) relevant to security event monitoring and alert triage activities.
  • Strong work ethic, intellectual curiosity, and genuine commitment to continuous learning and professional development in the field of cybersecurity operations.
  • Ability to obtain and maintain a Public Trust Clearance.

Nice To Haves

  • 1-2 years of experience in a SOC, IT operations, help desk, or cybersecurity-related role, with hands-on exposure to security event monitoring, alert triage, or incident response activities.
  • Prior internship, academic project, or work experience supporting cybersecurity operations or security monitoring activities in a federal government or enterprise environment.
  • Certified SOC Analyst (CSA) certification or active pursuit of same.
  • Prior experience or academic coursework related to security operations, network security monitoring, or incident response, demonstrating foundational knowledge of SOC workflows and cybersecurity operations concepts.
  • Familiarity with cloud security monitoring concepts and basic awareness of cloud-native security logging and monitoring capabilities in AWS, Azure, or GCP environments.
  • Basic familiarity with threat intelligence concepts, including an understanding of IOCs, threat feeds, and the role of threat intelligence in supporting SOC monitoring and alert triage activities.
  • Familiarity with vulnerability management concepts and basic experience reviewing vulnerability scan results, with an understanding of common vulnerability scoring systems such as CVSS.
  • Basic scripting familiarity, such as an introductory understanding of Python or PowerShell, with an interest in developing automation skills to support SOC workflow efficiency over time.
  • Knowledge of federal cybersecurity frameworks and compliance requirements, including basic familiarity with NIST SP 800-53, NIST SP 800-61, and FISMA, and their relevance to SOC operations within a federal government environment.
  • Familiarity with the CDM (Continuous Diagnostics and Mitigation) program and its role in supporting continuous monitoring activities within federal civilian agencies.
  • Experience using ticketing and case management platforms, such as ServiceNow, Jira, or equivalent, for tracking and documenting security incidents and SOC activity.
  • Participation in cybersecurity competitions such as CTF (Capture the Flag) events, academic cybersecurity research, or other extracurricular activities demonstrating a genuine passion for cybersecurity and a commitment to professional growth.
  • Demonstrated interest in pursuing advanced cybersecurity certifications, such as the GIAC Security Operations Certified (GSOC), Certified SOC Analyst (CSA), or GIAC Certified Incident Handler (GCIH), as part of a long-term professional development plan in cybersecurity operations.

Responsibilities

  • Perform first-line monitoring and triage of security alerts and events generated by SBA's SIEM platform, IDS/IPS systems, endpoint detection and response (EDR) tools, and other security monitoring technologies, escalating potential security incidents to senior SOC analysts in accordance with established SOC procedures and escalation protocols.
  • Assist in the initial triage and analysis of security events and alerts, applying foundational knowledge of common threat indicators, attack patterns, and malicious activity signatures to differentiate true positive security incidents from false positive alerts under the guidance of senior SOC staff.
  • Support incident response activities for identified security incidents, assisting senior analysts in documenting incident details, collecting relevant evidence, and maintaining accurate and timely incident records in SBA's incident management and ticketing systems.
  • Monitor SBA's networks, systems, and endpoints for indicators of compromise (IOCs), anomalous activity, and policy violations, escalating observations and findings to senior SOC analysts for further investigation and response.
  • Assist in the collection, review, and analysis of security-relevant log data from diverse sources, including Windows Event Logs, Syslog, firewall logs, web proxy logs, and application logs, supporting senior analysts in identifying patterns of potentially malicious activity.
  • Support the documentation and tracking of security incidents, tickets, and cases within SBA's incident management platform, ensuring accurate, complete, and timely recording of incident details, response actions, and resolution status.
  • Assist in the preparation of SOC shift handoff reports, daily activity summaries, and security event trend reports, supporting senior SOC staff in maintaining situational awareness and communicating SOC activity status to leadership.
  • Support vulnerability management activities by assisting in the review and documentation of vulnerability scan results, tracking remediation ticket status, and maintaining accurate vulnerability management records under the guidance of senior SOC staff.
  • Assist in maintaining and updating SOC documentation, including Standard Operating Procedures (SOPs), incident response playbooks, runbooks, and knowledge base articles, ensuring documentation remains current and accurately reflects SOC operational procedures and lessons learned.
  • Participate actively in SOC team meetings, briefings, training sessions, and knowledge-sharing activities, applying lessons learned and new knowledge to continuously improve personal performance and contribute to the overall capability of the SOC team.
  • Support the review and analysis of threat intelligence reports and advisories from US-CERT, CISA, and other government and commercial sources, assisting senior analysts in identifying relevant threats and IOCs applicable to SBA's environment.
  • Assist in the monitoring and enforcement of SBA's security policies and acceptable use standards, documenting potential policy violations and escalating findings to senior SOC staff for review and disposition.
  • Support purple team and tabletop exercise activities by assisting in the documentation of exercise scenarios, findings, and lessons learned, contributing to the continuous improvement of SBA's detection and response capabilities.
  • Engage in continuous self-directed learning and professional development activities to build expertise in cybersecurity operations, threat detection, and incident response, working toward recognized industry certifications and expanded SOC responsibilities over time.

Benefits

  • health, dental and vision insurance
  • 401K with company matching
  • flexible spending accounts
  • paid holidays
  • three weeks paid time off
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service