Security Operations Center Analyst - Mid

Koniag Government Services, LLCWashington, DC
$115,000 - $140,744Onsite

About The Position

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a skilled Mid-Level Security Operations Center (SOC) Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is an experienced cybersecurity professional with a solid foundation in security event monitoring, threat detection, and incident response within a SOC environment. This individual will play an important role in protecting SBA's systems, networks, and data by actively monitoring for threats, analyzing security events, and supporting incident response activities in alignment with federal cybersecurity policies and SBA security requirements. The Mid-Level SOC Analyst will serve as an experienced cybersecurity operations professional responsible for monitoring, detecting, analyzing, and supporting the response to cybersecurity threats targeting SBA's enterprise IT environment. Working under the guidance of the Cybersecurity Operations Technical Lead and Senior Cyber Defense Analysts, this individual will contribute meaningfully to all aspects of SOC operations while continuing to develop and refine their technical skills and expertise.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university.
  • Relevant work experience may be considered in lieu of a degree.
  • 3+ years of experience in cybersecurity operations, security event monitoring, or a related field, with demonstrated experience working within a SOC or cyber defense environment.
  • Demonstrated experience working with SIEM platforms and security monitoring tools in an operational environment.
  • One or more of the following certifications: CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), Certified SOC Analyst (CSA), GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), Systems Security Certified Practitioner (SSCP).
  • Strong communication skills in English – both written and oral – with the ability to clearly document and communicate security findings, incident details, and analytical results to both technical and non-technical audiences.
  • Solid understanding of security event monitoring, alert triage, and incident response processes and procedures within a SOC environment.
  • Working knowledge of SIEM platforms (e.g., Splunk, Microsoft Sentinel, ArcSight, or similar), including the ability to perform log searches, build basic queries, and analyze security event data to identify potential threats and anomalies.
  • Foundational knowledge of network security concepts, including TCP/IP, DNS, HTTP/S, firewalls, IDS/IPS, and the ability to analyze basic network traffic patterns to identify potentially malicious activity.
  • Experience working with endpoint detection and response (EDR) tools and the ability to investigate host-based security alerts and identify indicators of compromise on endpoints.
  • Familiarity with the MITRE ATT&CK framework and the ability to apply ATT&CK tactics and techniques to the analysis and classification of security events and incidents.
  • Ability to conduct log analysis across common data sources, including Windows Event Logs, Syslog, and application logs, to support security event investigation and incident response activities.
  • Familiarity with threat intelligence concepts and the ability to leverage threat intelligence feeds and indicators of compromise (IOCs) to support security monitoring and analysis activities.
  • Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, and FISMA, and their application to SOC operations within a federal environment.
  • Ability to accurately document security events, incidents, and investigative findings in ticketing and case management systems in a clear, concise, and thorough manner.
  • Strong analytical and problem-solving skills with the ability to assess security alerts and events, identify patterns of potentially malicious activity, and escalate findings appropriately.
  • Ability to work effectively both independently and as part of a collaborative team in a fast-paced, mission-driven SOC environment, including the ability to manage multiple concurrent tasks and priorities.
  • Ability to obtain and maintain a Public Trust Clearance.

Nice To Haves

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 5+ years of cybersecurity operations experience, with a focus on SOC operations within a federal government or defense contracting environment.
  • Prior experience supporting SBA or other federal civilian agency SOC operations or cybersecurity programs.
  • Experience with cloud security monitoring in AWS, Azure, or GCP environments, including familiarity with cloud-native logging and monitoring services such as AWS CloudTrail, Azure Monitor, or Google Cloud Logging.
  • Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms and basic scripting capabilities in Python or PowerShell to support the automation of routine SOC tasks and workflows.
  • Experience supporting vulnerability management activities, including working with vulnerability scanning tools such as Tenable Nessus, Qualys, or similar platforms.
  • Knowledge of Zero Trust Architecture (ZTA) principles and their implications for security monitoring and SOC operations within a federal IT environment.
  • Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools, data requirements, and their role in supporting federal civilian agency SOC operations.
  • Experience participating in incident response activities and contributing to after-action reviews and lessons learned processes.
  • Familiarity with digital forensics concepts and basic forensic investigation techniques to support the collection and preservation of digital evidence during incident response activities.
  • GIAC Security Operations Certified (GSOC) or GIAC Certified Enterprise Defender (GCED) certification.
  • Experience working within a FedRAMP authorized cloud environment and familiarity with FedRAMP security requirements as they relate to SOC monitoring and incident response activities.

Responsibilities

  • Perform continuous monitoring of SBA networks, systems, endpoints, and cloud environments using SIEM platforms, IDS/IPS tools, EDR solutions, and other security technologies to detect and identify potential threats, anomalies, and indicators of compromise.
  • Conduct analysis and triage of security events and alerts generated by SOC monitoring tools, determining the validity, scope, and severity of potential security incidents and escalating confirmed or suspected incidents to senior analysts and the Technical Lead in accordance with established procedures.
  • Support incident response activities, including initial containment actions, evidence preservation, and coordination with senior analysts and the Technical Lead during active security incidents, following SBA's incident response policies and NIST SP 800-61 guidelines.
  • Investigate security events and incidents by analyzing network traffic, system logs, endpoint telemetry, and other relevant data sources to identify the root cause, scope, and impact of potential security issues.
  • Document security events, incidents, and investigative findings accurately and thoroughly in SBA's ticketing and case management systems, maintaining detailed records of all SOC activities in accordance with established documentation standards.
  • Assist in the development and refinement of SIEM detection rules, correlation logic, and alerting thresholds under the guidance of senior analysts and the Technical Lead, contributing recommendations based on observed alert patterns and false positive analysis.
  • Support threat hunting activities by executing predefined hunt playbooks and assisting senior threat hunters in the identification of indicators of compromise and malicious activity within SBA's environment.
  • Monitor and analyze threat intelligence from government and commercial sources, including US-CERT, CISA, and relevant ISACs, to stay current on emerging threats and incorporate relevant intelligence into daily SOC monitoring and analysis activities.
  • Assist in the development and maintenance of SOC Standard Operating Procedures (SOPs), incident response playbooks, and runbooks, contributing updates and improvements based on operational experience and lessons learned.
  • Collaborate effectively with SBA IT teams, system owners, and other stakeholders to communicate security findings, support remediation coordination, and contribute to the improvement of SBA's overall security posture.
  • Support vulnerability management activities by reviewing and analyzing vulnerability scan results, assisting with the identification of high-priority vulnerabilities, and coordinating with system owners on remediation tracking and follow-up.
  • Participate in after-action reviews (AARs) and lessons learned sessions following significant security incidents, contributing observations and recommendations to improve SOC processes, procedures, and capabilities.
  • Prepare and contribute to the development of security incident reports, shift handover reports, and other SOC documentation, ensuring accuracy, completeness, and adherence to established reporting standards.
  • Participate in SOC team training activities, tabletop exercises, and professional development opportunities to continuously expand technical knowledge and skills in cybersecurity operations and threat analysis.
  • Ensure all SOC activities comply with applicable federal cybersecurity frameworks, policies, and regulations, including NIST, FISMA, and DHS/CISA directives and guidance.

Benefits

  • health, dental and vision insurance
  • 401K with company matching
  • flexible spending accounts
  • paid holidays
  • three weeks paid time off
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service